Guide to Upcycling Retired Digital Devices
How to Run an Upcycling Scheme

Step 5: Wipe the data

Data wiping (also referred to as device or data ‘sanitisation’ or ‘erasure’) is the process of removing all files and data from a device to ensure that no information from the original user can be accessed or viewed by a new user. LOTI’s research into device upcycling has revealed that many organisations are put off running upcycling schemes due to fear of data breaches from their retired devices.

Key considerations 

  • Do we have the resource and/or capability to conduct data wiping in-house?
  • If the devices have been sourced internally, has or will the data be wiped by our organisation (on site) or will this be undertaken by our upcycling service provider?
  • If the devices have been sourced via a donor, will they wipe the data on their site or will this be undertaken by our upcycling service provider?
  • If data wiping is to be undertaken by our upcycling service provider, what data wiping standard or certifications do we need?
  • Do we require the devices to be wiped within a certain timeframe?
  • Do we need an audit trail and certification for each device?

Top tips

  • Take a proportionate approach to risk when determining what data wiping standards need to be met.
  • Include a section on data wiping in your device upcycling policy.
  • Explore the options for data wiping as early as possible by engaging with your IT team, especially if your organisation does not allow data wiping by a third party (e.g. an upcycling service provider).
  • For donated devices, make sure you understand the donor’s data wiping preferences from the start so you can plan ahead.
  • If a data wiping audit trail (certification for each device) is required, ensure these requirements are captured in any discussions with the donor organisation and your upcycling service provider.
  • If your organisation does not have a device upcycling policy or data wiping policy, seek advice from your relevant Data Officer, Information Officer and/or IT team.
  • Visit the National Cyber Security Centre (NCSC) website for more advice on data wiping.
Skip to content

Join the LOTI conversation

Sign up for our monthly newsletter to get the latest news and updates