I have an old hard disk (Maxtor 250Gb) from about 3 years ago that started giving errors and now sits in a drawer in my desk. It has some confidential data on it but it's unlikely that it can be read because the disk started to go bad. However, before I dispose of it I want to make sure that the data can't be recovered by destroying the disk.
What is the best way to destroy the disk such that the data can't be read? (I live in Arizona and was thinking of leaving it in the yard when we have those 125 F days...?)
What is the best way to dispose of the disk after it's destroyed? (I believe that it's environmentally unsound to chuck it in the trash.)
If you are looking for standard procedures and reliable methods, you could read the Guidelines for Media Sanitization (PDF) of the National Institute of Standards and Technology.
For any given medium, there are three basic methods:
For hard drives they recommend:
Clear:
Overwrite media by using agency-approved and validated overwriting technologies/methods/tools.
Physical Destruction:
Purge:
Recommendations for flash media (SSDs) are similar, except that degaussing solid state drives is not a viable way to purge them as the data is not stored on magnetic platters.
Thermite is the Ultimate Solution. (To both data erasure and many other problems)
It shouldn't be that hard to expose the platter after peeling back the various stickers covered in dire warnings. Once exposed, you have a choice of fun methods. Bending it even a little would make spinning it under a head impractical, so that is probably a good place to start. A ball peen hammer could be used to make a nice texture, or just apply a belt sander. Wear eye protection, naturally.
Pragmatically, unless you are holding national secrets, just scoring the platter with a scratch awl really ought to be sufficient to make it well beyond anything but the NSA's capability. If you are really worried, score both radially and in spiral.
Hand the wreckage (or at least the bits you don't hang up as a trophy) over to an E-Waste recycler and they will do something appropriate with it.
A combination of really strong magnets and a sledgehammer is really the only way. In that order.
See if your company already employs a bonded security firm for shredding documents. I use ours for shredding reports, digital media, old backup tapes, and hard disks. IIRC, it costs two bucks per hard disk, and they grind 'em to powder. No fuss, no bother, no eco-issues.
One quick and easy way, recommended by Steve Gibson, is to drill a hole through the hard drive, making sure you drill through all the platters.
Physical destruction of a drive is tricky business. There are many companies that deal specifically in the field of data destruction, so if you are doing any kind of mass you may want to at least look at their price list. If you contract, make sure the company is properly bonded/insured, and provides audit trails for each destroyed item. In the worst case scenario that your information does get out, you want the document in hand that says your contractor properly destroyed the item in question. Then, at least, you can transfer the liability.
When it comes to drive destruction you typically see one of two main fields:
Degaussing
Degaussing used to be the norm, but I am not such a big fan. On the plus side it is fast, you'll normally just dump the disks on a conveyor belt and watch them get fed through the device. The problem is auditability. Since the circuitry is rendered wobbly, you won't be able to do a spot check of the drives and verify that the data is gone. It is possible, with some level of probability unknown to me, that data could still exist on the platters. Retrieving the data would, without question, be difficult, but the fact still remains that you cannot demonstrate the data is actually gone. As such, most companies now will actually be doing physical destruction.
Physical Destruction
At the low end, say a small box of drives at a time, you'll have hard drive crushers. They're often pneumatic presses that deform the platters beyond useful recognition. At the risk of supporting a specific product, I have personally used this product from eDR. It works well, and is very cathartic.
At a larger scale, say dozens or hundreds of disks, you'll find large industrial shredders. They operate just like a paper shredder, but are designed to process much stiffer equipment. The mangled bits of metal that are left over are barely identifiable as hard drives.
At an even larger scale you can start looking at incinerators that will melt the drives down to unidentifiable lumps of slag. Since most electronics can produce some rather scary fumes and airborne particulates, I would not recommend doing this on your own. No, this is not a good use of your chiminea.
Manual Dis-assembly
If you are dealing with one or two drives at a time, then simple dis-assembly might be sufficient. Most drives these days are largely held together with torx screws, and will come apart with varying levels of difficulty. Simply remove the top cover, remove the platters from the central spindle. Taking a pocket knife, nail file, screwdriver, whatever, have fun scoring both surfaces of each platter. Then dispose of the materials appropriately. I cannot speak to how recoverable the data is afterwards, but it is probably sufficient. The biggest thing to keep in mind is that while most desktop hard drive platters are metal, some are glass. The glass ones shatter quite extravagantly.
You should also take care of removing and destroying the memory chips on the board because of cache memory and (with "hybrid" drives) of NAND chips containing up to 4GB of cached data. A good way to do that is to wrap the board in linen or another coarse cloth and hammer it; that should keep broken parts from flying everywhere.
Additional Considerations
Before you decide on a destruction method, make sure to identify what kind of data is stored on each device and treat it appropriately. There may be regulatory or legal requirements for information disposal depending on what data is stored on the disk. While NIST does not define which sanitization methods to use for data types, in section 5 of NIST SP800-88 they do define 3 methods, clear, purge, and destroy.
Since NIST is not making any assumption of data classification level, they give recommendations for all three, noting that for ATA drives manufactured after 2001, clearing and purging have converged.
All that being said, performing a single pass zero wipe is probably sufficient for your purposes. Modern research indicates that modern hard drives are largely immune to the "magnetic memory" problem we used to see on magnetic tape. I would never bother doing anything more on a household drive unless the drive itself was exhibiting failures.
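The single-pass zero wipe mentioned above, paired with the read-back check that makes it auditable, as an added example that is not part of the original answer. It runs against a constructed image file standing in for the disk; the function names and the marker string are hypothetical.

```shell
#!/bin/sh
# Added example: the "disk" here is a constructed image file, not a real device.
# Assumption: for a real Linux block device you would pass its device node and
# read its size with `blockdev --getsize64` instead of `wc -c`.

# Build a constructed 1 MiB image: random filler with a recognizable marker inside.
make_sample_image() {
    head -c 1048576 /dev/urandom > "$1"
    printf 'CONFIDENTIAL-SAMPLE-RECORD' |
        dd of="$1" bs=1 seek=4096 conv=notrunc 2>/dev/null
}

# Count bytes that are not 0x00; 0 means the whole target reads back as zeros.
nonzero_bytes() {
    LC_ALL=C tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Single pass of zeros over the target's full length, in place (no truncation).
wipe_zero() {
    size=$(wc -c < "$1" | tr -d ' ')
    head -c "$size" /dev/zero | dd of="$1" bs=65536 conv=notrunc 2>/dev/null
    sync
}

# Wipe, read everything back, and print one result line suitable for an audit log.
# Returns 0 only if the write succeeded and no non-zero byte remains.
wipe_and_verify() {
    before=$(nonzero_bytes "$1")
    wipe_zero "$1" || return 2
    after=$(nonzero_bytes "$1")
    echo "target=$1 nonzero_before=$before nonzero_after=$after"
    [ "$after" -eq 0 ]
}

# Demonstration on the constructed image.
demo() {
    img=$(mktemp) || return 1
    make_sample_image "$img"
    wipe_and_verify "$img"
    rc=$?
    rm -f "$img"
    return $rc
}
demo
```

A non-zero return from `wipe_and_verify` (write error or leftover data) is the case of a drive exhibiting failures, where the answer falls back to physical destruction.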
I've used DBAN extensively.
Darik's Boot And Nuke creates a bootable CD/floppy. You boot to it, and, after it picks up your hard drives, you can select as many drives as you want and then the method of destruction (we usually use 9 or more passes of random 1s and 0s).
Simply overwriting 0 0 0 0 over and over can still leave data recognizable.
Basically, if it still works, use some utility that overwrites each sector of the disk at least 10 times. Easily done, for example, with dd.
As for disposing of it, it's basically iron and its alloys. Just throw it into a metal recycling container.
My company owns a hard drive degausser for just this purpose, nicknamed the "shredder". They get nuked before disposal of old server or PC hardware.