Explained: What is data erasure and why is it important for organisations?

With the increase in privacy laws, the requirements for personal data protection, including data retention and erasure, has become a concern for all organisations. While protecting data is important, destroying or erasing data afterwards is an essential aspect of the data-use lifecycle. 

The proposed data protection law in India also allows a data principal the right to erase their data once it “is no longer necessary for the purpose for which it was processed”. The Deloitte-Blancco Data Destruction Survey Report explains the different terms used with regard to data erasure and destruction.

Data disposal: This is the general term that refers to data destruction processes. It is also the final stage in the data lifecycle.

Data sanitisation: The process of deliberately, permanently, and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable, even with the assistance of advanced forensic tools. Physical destruction of device, cryptographic erasure and data erasure are methods to achieve this.

Data deletion: The pointers to the data are removed and the data is hidden, but the data is recoverable from the storage device using data recovery tools. This indicates that mere data deletion is an inadequate method of protecting end-of-life data.

Data destruction: The process of destroying data from digital storage media, so that it is completely unreadable and cannot be accessed or used for unauthorised purposes. It can be achieved digitally or physically.

Data erasure: A software-based method of securely overwriting data from any data storage device using zeroes and ones onto all sectors of the device, then verifying and certifying the erasure. By overwriting the data on the storage device, the data is rendered unrecoverable and achieves data sanitisation. With data erasure, the data storage device can still be used.