Cornell University

Best Practices for Media Destruction

This article applies to: Security Essentials for IT Professionals

Media destruction, either physical or electronic, is intended to prevent data disclosure. Some ways data may be disclosed are:

  • Computers that are disposed of or sold without appropriate media destruction practices. (See Dispose of Old Computers and Devices or Physically Destroy Old Computers and Devices.)
  • Hard drives returned to vendors as defective are frequently repaired and returned to service with data intact. 
  • Disposed functional hard drives are a valuable commodity and present significant risk of data disclosure if not properly treated. 

Drives that will not be reused should be physically destroyed. Drives that will be reused should still be erased using one of the recommended tools or applications. Disk or file erasure goes by several names; common ones are disk wiping and secure deletion.

What Are the Standards for Media Destruction?

  • DoD 5220.22: Functional drives should be overwritten 3 times prior to disposal or reuse.
  • NIST 800-88: Modern hard disks can defy conventional forensic recovery after a single wiping pass. 

Note: As of 2001, ATA (though not SCSI) drives support a secure-overwrite command that should eliminate all data on the drive much more rapidly than operating system-level utilities. Certain specialty hardware supports this.

What is the Security Office Recommendation?

Our recommendation acknowledges the NIST document, but maintains consistency with other practices throughout higher education and industry. 

  • For drives that will be reused or disposed of in a functional state: use of a reputable erasure utility implementing DoD 5220.22. A 3-pass wipe of a large hard disk is time intensive.
  • For drives that are defective, dead, or sufficiently unresponsive that they do not complete the 5220.22 wipe protocol: physical destruction prior to RMA or disposal.
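
The sketch below shows what a three-pass overwrite with read-back verification involves. It is an added example, not Cornell's code or any erasure utility's. The pass patterns (zeros, ones, random) are the commonly cited ones and are an assumption, since this page does not specify them, and `three_pass_wipe` and its helpers are hypothetical names. The demo target is a constructed scratch file.

```python
import hashlib
import os

CHUNK = 1 << 20  # work in 1 MiB blocks
# Assumed pass patterns (not stated on this page): zeros, ones, then random (None).
PASSES = (b"\x00", b"\xff", None)

def overwrite_pass(fd, size, fill):
    """Overwrite the whole target once; return the SHA-256 of the bytes written."""
    digest = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        block = os.urandom(n) if fill is None else fill * n
        written = os.write(fd, block)      # may be a partial write
        digest.update(block[:written])
        remaining -= written
    os.fsync(fd)                           # push the pass out of the OS buffers
    return digest.hexdigest()

def readback_digest(fd, size):
    """Read the target back and hash it. Note: reads may be served from the
    OS cache; dedicated utilities bypass it to check the medium itself."""
    digest = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        data = os.read(fd, min(CHUNK, remaining))
        if not data:
            break
        digest.update(data)
        remaining -= len(data)
    return digest.hexdigest()

def three_pass_wipe(path):
    """Return True only if all three passes completed and verified."""
    fd = os.open(path, os.O_RDWR)
    try:
        size = os.lseek(fd, 0, os.SEEK_END)  # works for files and block devices
        return all(overwrite_pass(fd, size, fill) == readback_digest(fd, size)
                   for fill in PASSES)
    except OSError:
        return False  # wipe did not complete: treat the drive as unresponsive
    finally:
        os.close(fd)

if __name__ == "__main__":
    import tempfile
    with tempfile.NamedTemporaryFile(delete=False) as f:  # constructed scratch file
        f.write(b"CONSTRUCTED-SECRET " * 4096)
    print("verified:", three_pass_wipe(f.name))
    os.remove(f.name)
```

A `False` result corresponds to the second recommendation above: the drive did not complete the wipe and should be physically destroyed.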

Destruction Practice by Media

Media | Reuse | Disposal
------|-------|---------
Hard Disk | DoD 5220.22 erase prior to format | Physical destruction or degauss
Floppy Disk | Degauss or erase prior to format | Physical destruction, degauss, or erase
Caseless Optical (CD/DVD) | Typically N/A | Physical destruction (break into pieces or uniformly abrade surface)
ZIP/Cartridge | DoD 5220.22 erase | Physical destruction or degauss
Small solid state, USB/Flash | Erasing is unpredictable, but nonetheless recommended prior to format | Physical destruction
Tapes | Degauss | Physical destruction or degauss
