It may seem easy to just give away or sell an old device until you actually stop and think about all the personal information stored on it. Your passwords, credit card information, photos, accounts – simply deleting them doesn’t guarantee the new owner won’t access them.
Approximately 40% of used electronic devices resold in the secondary market still have personally identifiable information left on them due to insufficient deletion of data. But those numbers are so high for a simple reason. People cut corners, and they often cut the most critical corners.
We don’t want to create alarm here. We just want to help you navigate the process of properly disposing of an electronic device.
Sign out before you wipe
One of the most common mistakes people make is that they factory reset a device before first signing out of their accounts. This doesn’t just leave your data within reach of the new owner – it can also potentially render the device in question unusable to that new owner.
All modern Apple hardware is locked to your iCloud account. All modern Android devices are locked to your Google account. The latest Xbox and PlayStation consoles will be locked to your Xbox ID or PSN account, as well. These locks are on the device’s hardware, not on the system’s software. If you factory reset before removing the lock by signing out of the appropriate ID, the new owner turns the device on and hits a login screen they can’t bypass.
The same goes for games, mail, and any other service that uses your device as a trusted endpoint. Especially if you have 2FA – and you should – make sure your second-factor entries are loaded to a new device first. Removing the old one from your 2FA setup before you’ve established a replacement is how people get locked out of their accounts.
The difference between wiping and actually wiping
On modern smartphones and tablets, a factory reset is genuinely effective because the device encrypts its storage by default. When you reset, the encryption key is destroyed, and what’s left is scrambled data with no way back in. That’s a clean wipe.
Older computers with mechanical hard drives don’t work the same way. Standard formatting just removes the file system pointers – the actual data sits there until something else writes over it. Recovery software can pull it back with minimal effort.
For those machines, use a dedicated secure erase utility that overwrites the disk multiple times with random data patterns. This is the approach outlined in NAID’s media sanitization guidelines. Free tools like DBAN handle this well for most home users. On solid-state drives, the manufacturer’s secure erase tool is usually the better option since overwriting works differently on flash storage and can reduce drive lifespan without adding much security benefit.
Physical media gets forgotten constantly
SD cards, microSD cards, and SIM cards are not erased during a factory reset. These are distinct storage systems that retain the information stored on them. Hence, ensure you remove these cards before giving away the device.
If you intend to give the SD card along with a device – for instance, a handheld console or a camera – make sure to format the SD card separately first. Do not just try to delete the files and content. Use the device’s format option to properly clear the file-system on the SD card.
This same advice is also applicable to USB sticks, external hard drives, or any other form of storage that might have been connected or integrated with the device.
De-authorising devices before you sell
Most online stores restrict the number of devices that can be used to access your bought files at any one time. iTunes, the PlayStation Network, and Steam will only let you download your files on so many devices. If you sell off a device without de-registering it first, one of those slots is gone, possibly forever. Or until you unearth the device in question and do it remotely, which isn’t always an option.
This matters especially for gaming hardware. If you want to understand how to trade in video game consoles online once the hardware is clean, de-authorising the console from your primary account is part of what makes it resale-ready rather than just wiped.
De-registration isn’t the same as just logging out, either; logging out just ends your session, it doesn’t cut off the device’s access at your account. Both need to happen.
When the device won’t power on
A damaged or nonfunctional device still harbors readable information on the storage chip. If you are unable to wipe it clean through software, the only fail-safe method of ensuring all your data is gone is destroying the physical media.
For most users, that will be drilling through the hard drive or breaking the flash chip on a broken smartphone, then sending the device to your usual e-waste handler. It’s not pretty, but it’s what you must do. The e-waste industry disposes of our cast-offs safely, which means they can’t be re-used or resold with all their apps and data still accessible. They’re not going to automatically destroy your data for you – assume they won’t, and don’t take chances. To really scrub a device it takes maybe half an hour longer than a simple factory reset. Half an hour. It’s worth it: there’s a payoff in resale value, it costs nothing, and it makes you a nicer person to the next owner.
- A Beginner’s Guide to Safely Clearing Personal Data Before Rehoming Devices
- Creating a Healthier Work Environment: A Guide for Facility Managers
- How to Optimize Your Dental Practice Website for Better Search Visibility
- 7 Essential Features Every Modern Fitness Center Needs to Succeed
- Why Effective IT Management Is the Key to Modern Business Agility