Saturday, 17 October 2015

It's not about the erasure, it's about the data about the data erasure - well almost

It amazes me that after the best part of 20 years erasing data I still meet people who don't "get" the importance of data erasure. Technically it's not difficult, but it must be absolute. It is like a climber’s rope: few will marvel at the structure and makeup of a rope, but you sure as hell don’t want it to fail, and even if it does you want a fail-safe.

The founder and ex-CEO of Blancco, Kim Väisänen, once said, "It's not about the erasure, it's about the data about the data erasure". At the time, especially coming from Kim, it slapped me round the face. There are dozens of tools which can send a simple known command to a drive. The key is to prove the device has done what you have told it to, and then to prove that with a traceable output which confirms that something was completed, by whom, when, what and where. The traceability is, as such, at least as important as the function.

Kim Väisänen also once said to me “a fool with a tool, is still a fool”. He meant that even if you develop the very best tool to do a job, in the hands of a human being mistakes will always be made. I once toured a large ITAD in West Chicago. The IT chap showed me the erasure line, which used CDs and stickers. I asked “what happens if you make a mistake?” and he answered “we don’t”. He and his team are the first perfect human beings I have ever met. They really shouldn’t be erasing hard disks but should perhaps have applied their skills to open heart surgery.

So using a tool to erase is the simple part, in that technically it’s not very challenging. Traceability, proof, and preventing on-sale if there has been a mistake are far more challenging. Capturing the unique details of the hard disk drive and parent device is a part of this. Recording the operator, the date and time, and what has been undertaken is another. Far more important, however, are the fail-safes.

What happens when the power fails or the fire alarm goes off halfway through? What happens when somebody makes a mistake and puts the label on saying the drive is safe when it is not? This is especially a risk when an operator is doing boring, repetitive tasks.

It’s more complicated than simple reporting. The business process needs to check and inspect that the drive and device are safe before allowing the on-sale or shipment of either the hard disk or the parent device. In real terms this is a far greater risk than either the tool used or the number or patterns of overwrites. Joe going on his lunch break or replying to a text message from his girlfriend, rather than the choice of this tool or that, is the greater real-world challenge.
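The release check described in the paragraphs above can be sketched as follows. This is an added example, not code from the original post or from any erasure product; the field names, the HMAC key handling and the serial numbers are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: the key lives on the erasure station, out of operators' reach.
SIGNING_KEY = b"constructed-demo-key"

def sign_record(record):
    """HMAC over canonical JSON, so later edits to a record are detectable."""
    payload = json.dumps(record, sort_keys=True).encode()
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()

def make_record(drive_serial, parent_asset, operator, started, finished, verified):
    """Capture what was erased, in which device, by whom, when, and the outcome."""
    record = {"drive_serial": drive_serial, "parent_asset": parent_asset,
              "operator": operator, "started": started,
              "finished": finished, "verified": verified}
    return {"record": record, "sig": sign_record(record)}

def release_decision(drive_serial, parent_asset, ledger):
    """Fail closed: only the latest record for a drive counts, and it must be
    signed, finished, verified and tied to the same parent device."""
    for entry in reversed(ledger):  # ledger is append-only, newest last
        rec = entry["record"]
        if rec["drive_serial"] != drive_serial:
            continue
        if not hmac.compare_digest(entry["sig"], sign_record(rec)):
            return (False, "record altered after signing")
        if rec["parent_asset"] != parent_asset:
            return (False, "drive recorded against a different device")
        if rec["finished"] is None:
            return (False, "erasure interrupted, no completion time")
        if not rec["verified"]:
            return (False, "erasure not verified")
        return (True, "signed, completed, verified")
    # A sticker on the drive is not evidence: no record means no release.
    return (False, "no erasure record for this drive")

# Constructed sample ledger: one clean run, one cut short by a fire alarm.
LEDGER = [
    make_record("SN-A1", "PC-001", "op-17",
                "2015-10-16T09:00", "2015-10-16T10:12", True),
    make_record("SN-B2", "PC-002", "op-17",
                "2015-10-16T11:50", None, False),
]

if __name__ == "__main__":
    for serial, asset in [("SN-A1", "PC-001"), ("SN-B2", "PC-002"), ("SN-C3", "PC-003")]:
        print(serial, release_decision(serial, asset, LEDGER))
```

The gate never consults the label on the drive, so a sticker applied by mistake cannot release a device on its own.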

Sending a command to a drive is simple. Ensuring 100% human accuracy requires systematic fail-safes. I agree that erasure is just one part of the data lifecycle; however, it is an important one. Think of all the money spent on retention of data and protection of data, such as encryption. Destruction is the end of the data lifecycle, and in the future we will need to prove that this has been successfully completed.
