
> A lot of the nonsense around shredding hard drives is just the drive industry convincing people that they need to destroy perfectly good devices.

Unless you're willing to prove beyond a shadow of a doubt that each and every such hard drive does not in any shape or form contain sensitive information and pay hefty fines and jail time when you inevitably fail, the only nonsense here is you. It has been proven time and time again that data once written can be and will be recovered.

Any storage media that contains or contained sensitive information must be physically destroyed. That is the only surefire, foolproof way that we currently know of to securely and permanently delete sensitive information.



> Unless you're willing to prove beyond a shadow of a doubt that each and every such hard drive does not in any shape or form contain sensitive information

I'm not sure which part of "HIPAA says you can take an UNENCRYPTED hard drive and toss it in a dumpster provided it has a fence around it" you didn't understand.

> Any storage media that contains or contained sensitive information must be physically destroyed.

Not for federal data:

https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.s...

Not for classified defense department data:

https://www.dami.army.pentagon.mil/site/IndustSec/docs/DoD%2...

...and as previously mentioned: not for PII healthcare data.

The bit about "you can only be SURE if you destroy it" is pure hard drive manufacturer nonsense.

Find me a single case where someone has recovered data from a non-solid state (hybrid or otherwise) drive or tape that has undergone a SMART secure erase or NIST / DoD compliant wipe.

In decades, I have never heard of such an incident.


Simple, I read a paper that vaccines cause autism... Now prove to me that you are not an elephant.

Now let's get purely logical. There is a non-zero chance of risk, and the best risk avoidance strategy is to not take the risk in the first place, so shred the drive.

So let's make software that would secure erase the drive and try to recover the data, and prove that you are not actually an elephant. But why?

Make a lot of money instead? Make a hard drive with a secure erase feature, and yes I know, but like put a spin on it, maybe a button, or better yet, you secure erase the drive backed by an industry grade non-recoverability warranty for a cheap $10/yr./drive subscription access to our secure erase service. We come to you next day, give a certificate and everything, you can put it in your HIPAA folder and show it to your risk committee.

Your market? Health care, gov, and problems that solely exist in between the keyboard and the screen.


Trivia: At the old AT&T (not at&t, the (mostly) mobile/cell company), it was standard to degauss the drive then drill through the middle of the radius and park a bolt there.

Bonus points if you had a spot welder to secure a nut to the bolt.

Fun times.



