"Destroying Data"

Posted by John Gregory: "I'd like to update my thinking on the following question:

What is the responsible way to get rid of electronic information that one does not want, or that one has a legal duty to get rid of (like irrelevant personal information)?

Some of the alternatives:

• delete the information from one's drive. (unlikely to be satisfactory, since 'undelete' programs are readily available)
• reformat the drive
• apply a specialized 'wiping' program (one or more times)
• destroy the drive physically
• encrypt the data on the drive then destroy the keys

Ontario's Information and Privacy Commissioner takes the view that the best way properly to get rid of (third party) personal information that one no longer wants to hold or that one is required by law not to hold, is to destroy the medium on which it is found -- wiping disks "may not ... irreversibly erase every bit of data on a drive." [See the IPC Fact Sheet on secure destruction of personal information, Dec 06 PDF]

I am not aware of any instances in Ontario, or elsewhere in Canada, in which PI was improperly recovered from a wiped disk, though; so the Commissioner may be giving a counsel of perfection..."

Full text and the active link are available at the source site listed below.

Source:  Slaw, 5 January 2009