Glossary

Data Erasure

Data erasure — the certified process of irreversibly removing all personal data from a device before resale, meeting regulatory standards such as NIST 800-88.

Data erasure (also called data wiping or data sanitisation) is the process of permanently and irreversibly removing all data from a storage device so that it cannot be recovered. For mobile devices entering a buyback or ITAD workflow, certified data erasure is both a regulatory requirement under data protection law and a commercial necessity for resale.

The leading data erasure standards for mobile devices are NIST SP 800-88 (Guidelines for Media Sanitisation, published by the US National Institute of Standards and Technology) and the Blancco standard. Both define levels of erasure, from logical overwrite to cryptographic erase, and specify when each method is appropriate based on the device type and data sensitivity. Most modern smartphones support cryptographic erase, which invalidates the encryption key, so all stored data becomes unrecoverable and there is no need to rewrite every storage block.

For buyback operators, data erasure must be performed on every device in the intake workflow before the device leaves your possession for resale or recycling. This is not a best-practice recommendation — it is a legal obligation under GDPR (UK and EU), POPIA (South Africa), the Australian Privacy Act, PIPEDA (Canada), and various US state privacy laws. Failure to erase data before resale exposes both the operator and the original device owner to data breach risk.

Certified erasure tools — including Blancco Mobile Diagnostics and other enterprise-grade solutions — generate an erasure certificate for each device. These certificates are the evidence that data was destroyed, and they are the primary deliverable in enterprise ITAD data destruction reports. An operator who cannot produce erasure certificates per device cannot credibly win enterprise ITAD contracts.

Factory reset (using the phone's built-in reset function) is not equivalent to certified erasure in most enterprise and regulatory contexts. On older Android devices, a factory reset does not guarantee that data cannot be recovered with forensic tools. Certified erasure tools overwrite storage or verify cryptographic key deletion with a level of assurance that factory reset does not provide.
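The per-device rule above (no device leaves for resale without a certificate, and a factory reset does not count) can be enforced as a release gate over the intake list. The following is an added example, not code from this page or from any erasure vendor; the record fields, method labels and device IDs are hypothetical and the sample data is constructed.

```python
# Hypothetical certificate records: real erasure tools export their own formats.
ACCEPTED_METHODS = {"cryptographic_erase", "overwrite"}  # factory_reset is excluded

# Constructed sample data: devices received at intake, and certificates on file.
INTAKE = ["DEV-001", "DEV-002", "DEV-003", "DEV-004", "DEV-005"]
CERTIFICATES = [
    {"device": "DEV-001", "method": "cryptographic_erase", "verified": True},
    {"device": "DEV-002", "method": "factory_reset", "verified": True},
    {"device": "DEV-003", "method": "overwrite", "verified": False},
    # DEV-004 has no certificate at all.
    {"device": "DEV-005", "method": "overwrite", "verified": False},  # failed attempt
    {"device": "DEV-005", "method": "overwrite", "verified": True},   # successful retry
]


def release_gate(intake, certificates, accepted=ACCEPTED_METHODS):
    """Return {device: reason} for every intake device that must be held back."""
    by_device = {}
    for cert in certificates:
        by_device.setdefault(cert["device"], []).append(cert)

    blocked = {}
    for device in intake:
        certs = by_device.get(device, [])
        # One verified certificate using an accepted method is enough to release.
        if any(c["method"] in accepted and c["verified"] is True for c in certs):
            continue
        if not certs:
            blocked[device] = "no erasure certificate"
        elif all(c["method"] not in accepted for c in certs):
            blocked[device] = "method not accepted: " + certs[-1]["method"]
        else:
            blocked[device] = "erasure not verified"
    return blocked


if __name__ == "__main__":
    for device, reason in release_gate(INTAKE, CERTIFICATES).items():
        print(f"HOLD {device}: {reason}")
```

The gate fails closed: a device is released only on positive evidence, so a missing or unverified record holds it.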
