Chapter 1: What is Data Destruction ?
Chapter 1 of 3 | Published on August 2, 2021
In plain words, data destruction is the process of destroying information, including physical records like paper documents and the data stored on magnetic tapes, hard drives, optical disks, memory chips, etc. Its purpose is to obliterate information (or "data" in the modern sense) such that it becomes irretrievable forever and to every means humanly possible. The above definition is a cursory glance at data destruction, outlining its core "functional” facet. A genuine appreciation of the subject requires a multi-facet inquiry into the historical origins of data destruction, its evolution with data storage technology, and where it stands today.
The Chapter of our Data Destruction knowledge series attempts to unravel the data destruction domain for one and all who deal with data, including those responsible for data lifecycle management.
- Data Destruction— Historical Origins
- Revisiting Data Destruction: The "Storage" Perspective
- Why Data Destruction is Gaining Prominence
Data Destruction- Historical Origins
Data destruction is a fascinating subject that might seem like a freshly carved inquiry in today’s data-first realm, but it is indeed an ancient domain- about 6000 years old!
With the invention of the papyrus in 4000 BCE, the Egyptian civilization had found a way to chronicle and preserve their life stories, history, culture, and wisdom. Archiving this colossal knowledge (or data) eventually germinated the need to destroy the papyrus records— a necessary undertaking to safeguard secret knowledge from theft, avoid sacrilege due to leakage of indecorous information, or similar reasons. In the absence of a mechanized method to destroy the papyrus records, the Egyptians relied on fire and makeshift methods for data destruction.
The practice of data destruction thus evolved over several thousand years, relying on fire and other crude methods for destroying the physical records of information until the invention of the paper shredder in 1909. However, a functional paper shredder didn’t see the light of day until 1935, when it was designed as a decoy of the pasta-making machine to destroy anti-Nazi propaganda! By 1959, the hand-cranked paper shredder had evolved into a motorized shredding machine to destroy paper documentation in government and financial institutions.Image Credit : ironshieldsecurity.com
The next leap in the data destruction technology came following the advent of magnetic storage media like magnetic tape drives in 1951, hard disk drives in 1956, and floppy disks in 1967 that allowed storing data in a “machine-readable” format1. The original paper shredder wasn’t designed to destroy magnetic tapes and hard disk drives, and therefore, these new storage devices needed novel data destruction approaches. The situation was similar concerning the destruction of data stored on the other emergent media such as solid-state drives (SSD), optical drives (CD/DVD/Blu-ray), and USB flash storage.
This was a tipping point leading to the innovation of distinct data destruction approaches that could either destroy only the target data with no visible impact on the storage medium, “demagnetize” the magnetic media or “shred” (disintegrate) the storage hardware like paper!
1 Punch cards were the first mechanical storage medium that were machine-readable. But, they did not require data destruction as were fragile and could be damaged by simple folding
Discovering “Data Storage” Mechanisms
So far, we have established that data destruction- as a need and practice- isn’t new to humanity but has been present since the birth of data and information recordkeeping several millennia ago. However, it has evolved into more refined and targeted forms keeping pace with innovations in data recording and storage technology. This section revisits data destruction from the facet of data storage technology. While data destruction means destroying information forever beyond any retrieval or recovery possibilities, its real-world implementation - approach, method, and technique - depends upon the storage media type and the way & form it records the data.
There are essentially two methods or mechanisms of data storage, namely analog storage and digital storage, as follows:
1. Analog Data Storage
Analog data storage involves recording the data as a “physical representation” of the real-world information like image, sound, motion, text, etc., in the form of a continuous analog signal. For example, a cassette tape records human voice on a magnetic coating, capturing its defining traits like loudness, tone, frequency, etc., in a continuous & time-varying form.
Image Credit : ironshieldsecurity.com
Some of the common analog data recording media include vinyl records, cassette tapes, photographic films, etc.
2. Digital Data Storage
Digital data entails recording and storing data in a binary form, i.e., in the form of 0s and 1s, which are representations of strings of binary digits. Unlike analog data storage, which records the information as a continuous signal, digital data is recorded as a discrete, time-separated signal. For example, the data copied on a hard drive is stored in digital form, transcoding the real-world information such as a video or document into a contiguous string of 0s and 1s.
A vast number of storage media can record and store data in digital format. These “digital data storage” media include magnetic tapes, floppies, magnetic disks, hard disk drives, solid-state drives, optical media, USB flash drives, embedded flash memory, etc.
Digital Data Storage Media
Data Destruction Approach For Analog Data
Analog data inherently resists alterations or changes to its original form without affecting the properties of the physical storage media. For example, a magnetic tape records data on a layered coating of magnetized material such as iron oxide or barium oxide using a tape head which also reads this information.
Cassette tape head recording data on the magnetic tape
Now, destroying this data requires altering the magnetic properties of the tape using a unique ‘Demagnetization’ approach. This data destruction approach is based on neutralizing the several sub-micron local magnetic regions that store the information on the tape.The process ultimately results in partial or complete degradation of the magnetic properties of tape media rendering it less effective or even useless.
‘Physical destruction’ is another approach for destroying the analog data. The paper shredder described earlier implements the physical destruction approach.
Data Destruction Approach For Digital
Digitally recorded data (aka digital data) — stored on reusable storage media like hard drives, USB flash storage and memory cards — allows inherent control over inducing alterations and manipulations like full or partial deletion, copying & replacing the existing information, etc., without affecting the storage media’s physical properties. For example, using preset commands, actuated via a computer interface, one can readily manipulate and modify the data stored on a freely accessible hard disk drive, SSD, phone, or USB stick.
This inherent nature of digital data stored on reusable media paves the way for data overwriting, replacement, and removal-based approaches for data destruction. These approaches are based on executing specific commands via the host computer interface to overwrite and replace the addressable memory locations on a hard drive (or other reusable media) with binary patterns. This overwriting process if executed properly can destroy the existing data and turn it irretrievable.
Digital data stored particularly on magnetic storage media such as hard disk drives, tapes, and floppies can also be destroyed using the demagnetization approach. Additionally, the physical destruction approach applies to all types of data storage devices, irrespective of the underlying media (magnetic, flash memory, optical, etc.) or whether it is reusable or single-use.
Why is Data Destruction Gaining Prominence?
The rapid growth of data and the rising threats in tandem aggravate this situation, making “personal data protection” a top-tier challenge and priority for organizations. As per IDC Data Age 2025 report, the global datasphere (i.e., total data created, captured, and replicated) will grow from 33 Zettabytes* in 2018 to 175 ZB by 2025 at a CAGR of 61%. Managing this colossal data from the users’ privacy standpoint and in line with the law of the land can be a task of unimaginable complexity. Maintaining data privacy is a growing challenge for information security managers, especially when the data turns redundant, missed out from accounting, is abandoned, or moves out of cybersecurity purview. In such scenarios, contemporary data protection laws obligate the custodian organization to ‘permanently’ and ‘provably’ destroy unwanted information.
The emergence of stringent data protection laws such as GDPR, CCPA, etc., obligates the organizations possessing ‘personal data’ to deploy adequate measures for safeguarding the users’ data privacy. Failing to comply with these laws and regulations – at any point throughout the data lifecycle – can lead to hefty penalties, customer loss, and even lawsuits. For example, non-compliance with EU-GDPR can result in fines of up to €20 million or 4% of the annual global turnover of the previous financial year, whichever is greater.
The practice of Data Destruction addresses this business-critical need through the systematic elimination of redundant information from the data storage media. Data destruction serves the crucial need to protect data from falling into the wrong hands and avoid the many repercussions.
Want to learn more about the growing need for data destruction?