Sometimes you need to permanently delete data from a hard drive - maybe it is credit card information that was never supposed to be stored or maybe it is old patient data that is required to be deleted after a certain amount of time. Either way, since there are regulations governing how this data is stored, there are regulations governing how it should be deleted to ensure that it is 100% gone.
You might think that simply sending a file to the Trash (on a Mac) or to the Recycle Bin (on Windows) will get rid of that data for good. In reality, the files are still there and accessible to any hacker who gains access to your network. You will still be held liable if the sensitive information held in your network is maliciously accessed.
The Payment Card Industry (PCI) says that “If not securely deleted, this data could remain hidden on merchant systems, and malicious individuals who obtain access to this information could use it to produce counterfeit payment cards, and/or to perform fraudulent transactions.”
And HIPAA rules state that “covered entities [healthcare providers] implement policies and procedures to address the final disposition of electronic PHI [Protected Health Information] and/or the hardware or electronic media on which it is stored.”
On your computer
If you’re tech savvy, you probably already knew that sending files to the trash doesn’t completely delete them. However, did you know that even after emptying the trash or the recycle bin, some files may still be accessible? This is because computers don’t actually wipe files right then and there; they simply mark the space as free to be overwritten by new files, and the original bytes stay on the disk until that happens.
The average computer user won’t be able to find these deleted files, but an experienced hacker will be able to. The only way to securely and immediately delete files is to:
Use the “Secure Empty Trash” feature on Mac
Use a third-party program like CCleaner or Eraser for Windows.
If you wish to make files dissolve into thin air, this is the way to go.
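The idea behind tools like Eraser is to overwrite the file's bytes in place before unlinking it, so the freed space no longer holds the original data. The following Python routine is an added illustration of that technique and is not code from this post or from any of the named tools; the file name and its contents are constructed for the demo. It only helps on media that really write in place (spinning disks without snapshots); on SSDs, copy-on-write or journaling file systems, and anywhere the file was backed up or synced, old copies can survive, which is why the backups section matters just as much.

```python
import os
import secrets
import tempfile

# Constructed sample content standing in for a sensitive record.
SAMPLE = b"patient-0001; dob=1970-01-01; diagnosis=REDACTED-FOR-DEMO\n"


def overwrite_and_unlink(path: str, passes: int = 3, chunk: int = 64 * 1024) -> int:
    """Overwrite every byte of `path` in place, then unlink it.

    Earlier passes write random bytes, the last pass writes zeros. Each pass
    is flushed and fsync'd so it reaches the device rather than only the page
    cache. Returns the number of bytes overwritten per pass.
    """
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as fh:
        for i in range(passes):
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                pattern = bytes(n) if i == passes - 1 else secrets.token_bytes(n)
                fh.write(pattern)
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())
    # Only after the data blocks are scrubbed is the directory entry removed;
    # a plain os.remove() here would leave the original bytes recoverable.
    os.remove(path)
    return size


def demo() -> tuple:
    """Create a throw-away file holding SAMPLE, scrub it, report the outcome."""
    fd, path = tempfile.mkstemp(prefix="scrub-demo-")  # constructed temp file
    with os.fdopen(fd, "wb") as fh:
        fh.write(SAMPLE)
    written = overwrite_and_unlink(path)
    return written, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```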
Within your backups
If you are properly backing up files (which you should be), you will have other copies of sensitive data that need to be erased. You should think about the places that data is stored, including:
External hard drive backups
Physical backups (CDs and DVDs)
It is important to visit those areas and securely delete any files that need to be removed. If you want to delete everything from an external hard drive, you should reformat it in order to be sure that everything is gone. You can use a program like CCleaner. This is something you need to do if you are going to dispose of the hard drive because someone could easily lift it out of the trash, take it home, and have access to any leftover files.
You shouldn’t be sending sensitive information like login credentials, protected health information (PHI), social security numbers, bank account numbers, etc. over email. Email can be highly insecure and is often one of the first things that is breached by hackers. That being said, there are still instances when you will want to permanently delete emails. If you are using an email server within your business, emails will be stored on the server, so even though you delete them from your inbox, they may still exist there. This post by LMI.net gives useful tips for deleting server-stored emails from various email programs.
If you have questions about HIPAA compliance or about any of the IT solutions that we offer, please fill out the contact form to the right.