You’re about to recycle your laptop or your phone, so you delete all your photos and personal files. Maybe you even reset the device to factory settings. You probably think your sensitive data is now safe. But there is more to be done: hackers may still be able to retrieve passwords, documents or bank details, even after a reset. In fact, 90% of second-hand laptops, hard drives and memory cards still contain recoverable data. This indicates that many consumers fail to wipe their devices properly before resale or disposal.
But there are some simple steps you can take to keep your personal information safe while recycling responsibly.
Discarded or resold electronics often retain sensitive personal and corporate information. Simply deleting files or performing a factory reset may not be sufficient. Data can often be easily recovered using specialised tools. This oversight has led to alarming incidents of data leaks and breaches.
Why standard factory resets are not enough Many people believe performing a factory reset fully erases their data. But this is not always the case.
An analysis of secondhand mobile devices found that 35% still contained recoverable data after being reset and resold. This highlights the risks of relying solely on factory resets.
On older devices or those without encryption, residual data can still be recovered using forensic tools. iPhones use hardware encryption, making resets more effective, while Android devices vary by manufacturer.
Best practices for secure disposal
To protect your personal and organisational information, consider these measures before disposing of old devices: Data wiping
Personal users should use data-wiping software to securely erase their hard drive before selling or recycling a device.
However, for solid-state drives, traditional wiping methods may not be effective. This is because solid-state drives store data using flash memory and algorithms, which prolong a device’s lifespan by distributing data across memory cells and can prevent direct overwriting.
Instead, enabling full-disk encryption with software such as BitLocker on Windows or FileVault on Mac before resetting the device can help to ensure data is unreadable.
On Android phones, apps such as Shreddit provide secure data-wiping options. iPhones already encrypt data by default, making a full reset the most effective way to erase information.
Businesses that handle customer data, financial records or intellectual property must comply with data protection regulations. They could use certified data-wiping tools that meet the United States National Institute of Standards and Technology’s guidelines for media sanitisation or the US Institute of Electrical and Electronics Engineers’ standard for sanitising storage. These guidelines are globally recognised.
Many companies also choose third-party data destruction services to verify compliance and enhance security.