When a business decides to retire old servers, the conversation usually starts with “where do we send this stuff?” But the more important question is what happens to the data on those drives before anything goes anywhere.
Most organizations know they shouldn’t just toss a server in a dumpster. But many underestimate what it actually takes to render data unrecoverable. Deleting files doesn’t do it. Reformatting doesn’t do it. Even a basic factory reset leaves recoverable data behind.
Here’s what actually works and what you should know before recycling any equipment with storage media.
Why “Delete” Doesn’t Mean “Gone”
When you delete a file, the operating system removes the pointer to that data — think of it like tearing the table of contents out of a book. The pages are all still there. Anyone with freely available forensic recovery tools can reconstruct those files.
Reformatting is only slightly better. A quick format just rebuilds the file system structure. A full format on modern drives does overwrite data, but it’s not a documented, verifiable process — which matters if you’re in a regulated industry or need to demonstrate due diligence.
The NIST 800-88 Standard
The National Institute of Standards and Technology published Special Publication 800-88 Revision 1: Guidelines for Media Sanitization, which has become the de facto standard for how organizations should handle data destruction.
It defines three levels of sanitization:
Clear — Overwriting data using standard read/write commands. Effective against simple file recovery but not against lab-level forensic analysis. Suitable for lower-sensitivity environments where drives will be reused internally.
Purge — Uses techniques that make data infeasible to recover even with advanced laboratory methods. For magnetic drives, this means degaussing or using firmware-level secure erase commands. For SSDs, it involves cryptographic erase or manufacturer-specific sanitization commands.
Destroy — Physical destruction of the media to the point where data recovery is impossible. Shredding, crushing, disintegrating, or incineration. This is the gold standard for the most sensitive data.
Which Method Is Right for Your Business?
That depends on your risk tolerance, your regulatory environment, and the sensitivity of the data.
Healthcare organizations dealing with HIPAA-covered data, financial institutions, government contractors, and legal firms generally need Purge or Destroy-level sanitization. A small business retiring a few office desktops may be fine with Clear-level overwriting.
The key is that whatever method you use, it should be documented. You should be able to produce a record showing what was done, to which drives, and when. That paper trail is what protects you if questions ever come up.
What We Do at GreenIT Pickup
Our data destruction process follows NIST 800-88 guidelines. Depending on the equipment and the client’s needs, we perform either verified software-based overwriting or physical destruction. Every drive is tracked and we provide documentation of the destruction process.
We want to be clear about our language here: we follow NIST 800-88 guidelines and adhere to its recommended practices. We’re not claiming third-party certification — we’re telling you exactly what we do and how we do it so you can make an informed decision.
Before You Recycle: A Quick Checklist
Make an inventory of every storage device in the equipment you’re retiring. This includes internal drives, RAID arrays, flash modules, and even SD cards or USB drives that may have been left plugged in. Decide on your required sanitization level based on the sensitivity of the data. Ask your recycling or ITAD provider specifically how they handle data destruction and what documentation they provide. Keep your documentation of data handling on file — treat them like any other compliance record.
The Bottom Line
Data destruction isn’t glamorous, but it’s one of the most important steps in the IT equipment lifecycle. Getting it wrong can mean regulatory fines, reputational damage, or worse. Getting it right means peace of mind and a clean paper trail.
If you’re planning a hardware refresh or office cleanout in the Dallas-Fort Worth area and want to make sure data destruction is handled properly, reach out. We’ll walk you through exactly how we’d handle your equipment.