The Problem with "Delete and Recycle"
The most common mistake when disposing of a computer: treating file deletion, formatting, or factory reset as sufficient data removal. It is not.
When you delete a file, the OS removes the directory entry but does not overwrite the actual data sectors. The data remains physically intact until those sectors are reused. With freely available tools like Recuva or GetDataBack, significant data recovery from "deleted" drives is routine.
Formatting performs one pass of zero-writes in most configurations — marginally better, but not meeting any professional sanitization standard.
Factory reset on a laptop typically reinstalls the OS partition without thoroughly sanitizing all addressable sectors. Apple's "Erase All Content and Settings" on modern Macs with T2/M-series chips is an exception — it performs cryptographic erase, which is NIST 800-88 compliant.
Step 1: Inventory the Device's Data
Personal devices: Documents, photos, videos, browser saved passwords, Wi-Fi credentials, tax documents, email archives.
Business devices: Corporate email cached locally, VPN credentials and config files, business application data, shared drive mappings and authentication tokens, customer or client data — all of these may have compliance implications even on devices that appear to hold only personal use history.
Step 2: Back Up Everything You Need
- Copy documents and media to external drive or cloud storage
- Export browser bookmarks and note saved passwords
- Record software license keys
- Save VPN and network configurations
- Export email archives from desktop clients
Step 3: Sign Out of Platform Accounts
macOS: System Settings → Apple ID → Sign Out. Deactivates iMessage, iCloud sync, removes device from trusted list.
Windows: Settings → Accounts → Your Info → Sign Out. Also deactivate software with per-device licensing.
Chromebook: Settings → Advanced → Reset Settings → Powerwash.
iPhone/iPad: Settings → [Your Name] → Sign Out → Remove from Account.
Android: Remove all linked accounts before factory reset.
Step 4: Wipe the Drive — Do It Correctly
Windows PCs
Consumer/low-sensitivity data:
Settings → System → Recovery → Reset this PC → Remove everything → Change settings → enable "Clean the drive." One-pass zero-write — adequate for non-sensitive personal data.
Business/sensitive data:
Do not use Windows built-in reset. Use:
- DBAN (free, boots from USB, DoD 5220.22-M multi-pass — for magnetic HDDs only, NOT for SSDs)
- Blancco Drive Eraser (commercial, NIST 800-88 certified, generates certificate)
- Secure Erase / hdparm for SATA drives via ATA Secure Erase command
Critical note on SSDs: DBAN does NOT work correctly on SSDs due to wear leveling and over-provisioning. Use ATA Secure Erase, Enhanced Secure Erase, or manufacturer utilities (Samsung Magician, WD Dashboard, Crucial Storage Executive).
Macs
Macs with T2 chip or Apple Silicon (M1/M2/M3/M4):
System Settings → General → Transfer or Reset → Erase All Content and Settings. Performs cryptographic key erasure — NIST 800-88 Purge-equivalent. Fully adequate for most business use cases.
Older Intel Macs (pre-T2):
Boot to macOS Recovery (Cmd+R), open Disk Utility, select internal drive, Erase, Security Options → 7-Pass Erase. Slow on large drives but thorough.
Chromebooks
Settings → Advanced → Reset Settings → Powerwash. Combined with Google Account sign-out, adequate for low-sensitivity Chromebook use.
Step 5: Handle the Physical Drive (Optional but Recommended for High Security)
If you cannot verify the software wipe completed correctly — or want absolute assurance:
Remove the drive: Most laptops: small Phillips screwdriver, bottom panel, locate 2.5" SATA or M.2 NVMe drive. Desktop PCs: side panel, drive bay access.
Options:
1. Keep it — repurpose as external storage with USB enclosure
2. Destroy it yourself — drilling multiple holes through HDD platters renders data unrecoverable (SSDs are less reliably destroyed this way)
3. Send to certified shredder — OC Electronic Recycling accepts drive-only destruction with serial-number certificate
Step 6: Choose a Certified Recycler
Choose a recycler that:
- Is authorized under California's Electronic Waste Recycling Act
- Processes materials through DTSC-authorized downstream vendors
- Provides a pickup manifest and recycling certificate
- Offers NIST 800-88 certified data destruction with serial-number certificates
What to avoid: Uncertified drop boxes without documentation, community events without data destruction capability, informal scrap buyers.
OC Electronic Recycling provides all of the above for Orange County businesses and residences. Free for qualifying business volumes.
