Information Security Alert
The data you thought you deleted is actually still there.
Do you think that pressing "Delete" or "Format" will erase your data? In fact, for SSDs, this is far from sufficient. Research from the University of California, San Diego, has revealed a disturbing fact: data stored on SSDs is extremely difficult to completely erase. Even the data erasure algorithms used by the U.S. Department of Defense (DoD) are not always effective at removing specific files from SSDs.
This isn't just an academic warning. In Taiwan, some people have purchased used hard drives and discovered they contained direct access to bank clients' business transaction data, accessible without any data recovery software. Businesses and individuals who don't understand how SSDs work and carelessly replace their devices are essentially handing over confidential data.
Corporate Compliance Considerations
According to the Enforcement Rules of Taiwan's Personal Data Protection Act, companies must have complete destruction records and evidence for obsolete storage media. The following are the principles that companies should follow when handling SSD replacements:
Establish a complete destruction process: Every hard drive, from replacement, transfer, destruction to completion, should have a detailed record, including serial number, responsible person, destruction method and date.
Do not hand over the hard drive directly to a recycler: handing the hard drive directly to a computer recycler cannot serve as legal proof that the data has been completely destroyed, and the company is still responsible for the consequences.
Note the following when sending an SSD for repair: After an SSD is sent to the original manufacturer for repair, the manufacturer may replace it with a new hard drive instead of returning the original one. If the original drive contains sensitive data that has not been erased, it may be circulated on the second-hand market.
Outsourced destruction requires certification: If you entrust a professional destruction company to handle the process, you should request them to provide a destruction certificate that complies with NIST SP 800-88 or DoD 5220.22-M standards as proof of compliance.
The widespread adoption of SSDs has made data storage faster and more durable, but it has also brought unprecedented data destruction challenges. Traditional deletion and formatting methods are virtually ineffective with SSDs. Whether you are an individual user or a corporate IT department, before replacing equipment, you must choose the appropriate data destruction method based on the confidentiality level of the data to truly protect information security and avoid becoming the next data breach victim.