Data stored on hard drives and SSDs should be destroyed before the storage media are destructed. And this should be done as per the standards specified by NSA that are summarized as follows-
All SSDs and optical media like pen drives should be crushed or shredded and wiping of data on them before doing so is not necessitated.
However, with hard drives aka HDDs, the data needs to be degaussed at first, following all the data sanitization procedures specified by NSA. As all information on the HDDs is wiped off with the method of degaussing and the drive becomes totally inoperable after wards and can then be put to physical destruction procedures such as crushing or shredding.
When a used HDD is put through a combination of physical destruction after degaussing, it ensures that the data stored on the media meets its end of life for sure. As no skilled hacking professional will have the potential to retrieve information from that drive with any source.
Companies that are in the data center business need to ensure that their end-of-life destruction practices should be carried out through in-house means, as it eliminates the chance of a data breach in every manner.
Businesses that follow just cryptographic and other data erasure techniques and put the drives for reuse should remember that there is a high probability of the media (holding old sensitive information) falling into the hands of hackers that can prove as a gold mine to them in the future.
