[unisog] Wiping hard drives before computer transfer

Walter G. Aiello Walter.Aiello at Duke.edu
Fri Jan 24 13:50:55 GMT 2003


Greetings:

Since old disks can carry confidential patient data, as
a policy we send old disks to a bonded site for destruction
and recycling.

-- 
Walter G. Aiello, Ph.D.
Manager, Network and Information Services
Magnetic Resonance Research Section
Box 3808, Department of Radiology
Duke University Medical Center

Walter.Aiello at Duke.edu
(919) 684 7519

Marty Hoag wrote:
>    I'm curious what others are doing to remove data and
> software from hard drives of surplused or "passed down"
> PCs and Macs.  Besides things like FERPA and licensed
> software concerns, there could be some liability if we
> passed along a machine which had already be compromised
> and potential embarrassment of revealing old data.
> 
>    As a public institution we are to either pass along
> the systems internally or send them to purchasing as
> surplus (they often old spot silent auctions on the old
> stuff).  Our "Lan Group" provides desktop support to many
> departments on campus and is often requested to remove
> the old data but I suspect some machines are getting
> through to surplus or to some other department without
> expert attention.
> 
>    Doing some Google searches reveals a plethora of
> products available with wildly different pricing
> models (e.g. per wipe, per technician, etc.).  One
> staff member created a Linux bootable CD-ROM with
> an open source tool but that took 6 hours to wipe
> a 20 GB hard drive (doing 7 passes).  I had tested
> Symantec's gdisk on a 10 GB drive doing the "DoDwipe"
> (also supposedly 7 passes) and that took little more
> than an hour.  I ran across web pages for things like
> PDWIPE, Disk Wipe, Wipedrv, Paragon Disk Wiper, Wipe,
> gdisk, and Declasfy.  I know nothing about Macs so I
> don't know what is available for them.
> 
>    In our distributed environment it would be nice
> to have an institutional license for something on a
> bootable floppy and cd-rom which: the end user could
> just boot, would list the disks on the system, ask
> the user to confirm, then just do its thing.
> 
>    Anyway, I'd be curious about policy and software
> (or hardware) solutions.  I'm most interested in cases
> where you do NOT want to destroy the drive itself since
> that is pretty easy given a few tools a big enough
> sledge hammer.  Depending on the responses I'd be glad
> to summarize the comments.   Thanks!
> 
>    Marty



More information about the unisog mailing list