"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:9YWvj.397$xg6.104@trnddc07:
> From: "Unruh" <unruh-spam@physics.ubc.ca>
>
>
>|
>| The DoD is a bureaucracy. Although the recommendation probably made
>| sense once, once they had been promulgated they will never again
>| change no matter how the technology changes. To relax them puts
>| someone's ass on the line. What if he relaxes them and suddenly some
>| data leaks. Thus they are frozen in time even if they make no sense
>| whatsoever. I would not take their recommendation as indicating
>| anything whatsoever about what the current best practice is. While
>| doing what they say may not harm except that the wipe takes 2 days
>| rather than 20 min. -- which means no one does it.
>|
>
> The standard has changed. What I posted was the NEW standard.
>
> Don't say "..no one does it.". I see disk sanitization done all the
> time.
>
> This isn't something for just Defense organizations. Sanitization
> should be done by *any* company that has company proprietary
> information stored on their respective hard disks.

Sanitizing may be acceptable (I hae me douts) for a drive that is moving
within an organization (but even then only from and to low security
uses/users). For any HD leaving the company, the HD should be
*destroyed.* Many companies that do paper shredding also have a division
that will mangle HDs (and CDs, etc.) into tiny bits - often with a logged
secure custody chain, witnessing, etc.

Wiping is slow (especially for modern very big drives), and there are
many risks that it will be overlooked or will be done incompletely (e.g.,
it is all too easy for one in the "to be wiped" pile to be accidentally
moved to the "wiped" pile without having been wiped).

HDs are cheap, liabilities are large - too cheap and too large to take
risks with for data leaking outside the company. Destroy 'em!

Regards,