Data disposal

Secure data should have an agreed life cycle. This will be set by a data authority when working in a commercial context, and it will dictate what state the data should be in at any given point during that life cycle. For example, a particular dataset may be labeled as "sensitive - requires encryption" for the first year of its life, followed by "private - no encryption", and finally, disposal. The lengths of time and the rules applied will entirely depend upon the organization and the data itself - some data expires after just a few days, some after fifty years. The life cycle ensures that everyone knows exactly how the data should be treated, and it also ensures that older data is not needlessly taking up valuable disk space or breaching any data protection laws.

The correct disposal of data from secure systems is perhaps one of the most misunderstood areas of data security. Interestingly, it doesn't always involve a complete and/or destructive removal process. Examples where no action is required include:

  • If data is simply out of date, it may no longer hold any intrinsic value - a good example is government records that are released to the public after their expiry date; what was top secret during World War Two is generally of no sensitivity now due to the elapsed time.
  • If data is encrypted, and no longer required, simply throw the keys away!

By contrast, the following methods require some effort, which creates the potential for mistakes:

  • Physical destruction: we often hear of disks being destroyed with a hammer or similar; even this is unsafe if not completed thoroughly.
  • Multiple writes: relies upon writing over data blocks multiple times to ensure that the original data is physically overwritten. Utilities such as shred and scrub on Linux achieve this; however, they still have limited effectiveness depending upon the underlying filesystem. For example, data held on RAID and cache-type systems will not necessarily be overwritten beyond all retrieval with these tools. Overwriting tools should be treated with caution and used only with a complete understanding of their limitations.

When you secure your data, start thinking about your disposal strategy. Even if you are not made aware of any organizational rules in existence (in a commercial environment), you should still be thinking about how you are going to make sure the data is unrecoverable when access is no longer required.
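The life cycle example and the two groups of disposal methods above can be combined into a simple audit, shown here as an added example that is not from the original text. The names `Stage`, `Dataset`, `required_stage` and `audit`, the 730-day length of the second stage, and the sample inventory are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Stage:
    label: str
    days: int            # how long this stage lasts
    must_encrypt: bool

# Stage 1 follows the text's example; stage 2's 730 days is an assumed value.
LIFECYCLE = [
    Stage("sensitive - requires encryption", 365, True),
    Stage("private - no encryption", 730, False),
]

@dataclass
class Dataset:
    name: str
    created: date
    encrypted: bool      # is the copy we still hold encrypted?

def required_stage(created: date, today: date) -> "Stage | None":
    """Stage the life cycle dictates today; None means disposal is due."""
    if today < created:
        raise ValueError("creation date is in the future")
    age, boundary = (today - created).days, 0
    for stage in LIFECYCLE:
        boundary += stage.days
        if age < boundary:
            return stage
    return None

def audit(ds: Dataset, today: date) -> str:
    stage = required_stage(ds.created, today)
    if stage is None:
        # Encrypted: destroy every copy of the key. Plaintext: the effortful methods.
        return "dispose: destroy keys" if ds.encrypted else "dispose: overwrite or destroy media"
    if stage.must_encrypt and not ds.encrypted:
        return "violation: must be encrypted"
    return "ok: " + stage.label

# Constructed sample inventory (hypothetical names and dates).
INVENTORY = [
    Dataset("payroll-2024", date(2024, 1, 10), encrypted=False),
    Dataset("hr-2020", date(2020, 3, 1), encrypted=True),
    Dataset("logs-2019", date(2019, 1, 1), encrypted=False),
]

if __name__ == "__main__":
    print({ds.name: audit(ds, date(2024, 6, 1)) for ds in INVENTORY})
```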
