Data Sanitization - CyberHoot Cyber Library

Data Sanitization is the process of permanently and irreversibly destroying data on a storage device in a deliberate manner, often for compliance or cybersecurity purposes. After data sanitization, a storage device will have no remaining usable data, and there is no way to recover any of the data, even with the use of advanced forensic and data recovery tools. Data sanitization has long played a key role in protecting sensitive business data, and its become an increasing necessity as compliance regulations have become more prominent and stringent in recent years; especially following the EU’s General Data Protection Regulation (GDPR), which requires companies to erase customer data upon request and provide proof of data sanitization measures.

Data sanitization is a more comprehensive method of data deletion than similar strategies like device factory reset, data wiping, data clearing, disk scrubbing, file shredding, etc. Data sanitization goes a step beyond data destruction in that it requires verification or proof that no recoverable or usable data remains on the storage media once sanitized.

What does this mean for an SMB?

Data sanitization is a critical action that should be done by your IT staff during the employee off-boarding process. With that said, ensure that you govern your employees with policies and procedures so they are aware of what is expected of them. Your organization needs a password policy, an acceptable use policy, an information handling policy, and a written information security program (WISP) at a minimum. Data sanitization is also a great way to ensure you are compliant with data deletion requests, useful for compliance in CCPA or GDPR.