Before you go...

Get a free, no-obligation destruction plan tailored to your organisation. We respond within one business day.

No spam. We will contact you once with your plan. Unsubscribe any time.

Back to Resources
Share:
Security 5 min read January 2025

Why Deleting Files Isn\'t Enough: The Hidden Data Risk in Your Old Hard Drives

Every year, organisations across Malaysia dispose of computers, servers, laptops, and storage devices — many believing that deleting files, formatting drives, or resetting devices has made their data unrecoverable. In every one of those cases, the data is still there. Here is why, and what it means for your organisation's PDPA obligations.

How file deletion actually works

When you delete a file — whether you move it to the Recycle Bin and empty it, use Shift+Delete, or run a "delete all" command — the operating system does not erase the file's contents from the storage medium. What it erases is the file's entry in the directory: the record of where on the drive the file is stored. The underlying data — every character, every image, every spreadsheet row — remains physically written to the drive's storage medium until that specific area is overwritten by new data.

This is not a flaw or a security vulnerability. It is how storage systems are designed to work, because overwriting data on every deletion would significantly shorten drive lifespan and slow down operation. The consequence for data security, however, is significant: deleted files are recoverable by anyone with access to the drive and a recovery tool.

Formatting is not the answer either

A common misconception is that formatting a drive — particularly a "full format" as opposed to a "quick format" — makes data unrecoverable. On traditional magnetic hard drives (HDDs), a full format does overwrite data in some implementations, but recovery tools designed for forensic analysis can still retrieve significant portions of previously stored data from formatted drives, depending on the operating system and format type used.

On solid-state drives (SSDs), the situation is more complex and, from a security standpoint, more concerning. SSDs use a process called wear-levelling to extend drive lifespan by distributing writes across the storage cells. This means that when data is written to an SSD, the drive controller does not necessarily write to the same physical location each time — and when data is "overwritten," the original copy may remain on the drive in a different cell. Standard software wipe tools cannot reliably reach all of these locations. The only method guaranteed to destroy data on an SSD is physical destruction of the storage chips.

Who can recover deleted data

Data recovery is not the exclusive domain of government forensic laboratories or specialist agencies. Commercial data recovery software is freely available online — some of the most effective tools are open-source and cost nothing to download. A person with basic technical knowledge and a consumer-grade data recovery application can recover deleted files from an unformatted drive in a matter of minutes.

This means that a hard drive that leaves your organisation — whether sold secondhand, donated to charity, sent to a recycling facility, or simply placed in general waste — carries its full data history with it, accessible to anyone who retrieves it and knows how to look.

What data is typically at risk on old drives

Old drives from office computers, servers, laptops, and network-attached storage devices accumulate years of operational data. A drive from a decommissioned office PC might contain:

  • Client databases and contact information
  • Employee personal data, payroll records, and HR files
  • Financial records, bank account details, and invoices
  • Confidential business correspondence and internal communications
  • Login credentials, netw
    Ready to protect your organisation?

    Get a free consultation from Grass Stories Sdn Bhd — Sarawak’s trusted document destruction specialist.

    Get a Free Quote →

Related Articles

Security

The Real Cost of a Data Breach: What Malaysian Businesses Stand to Lose

 Security

IT Asset Disposal for Sarawak's Growing Digital Economy

 PDPA

PDPA Compliance for Malaysian Businesses: What You Need to Know About Document Disposal
Pricing

Transparent Pricing, Tailored to You

We don't believe in one-size-fits-all pricing. Every quote is based on your actual requirements — volume, service type, and frequency. Every client's situation is different, so we don't list prices online — a detailed quote takes one business day and is always completely free.

Our Services

What Affects Your Quote

Our pricing is straightforward — based on the factors below. Submit an enquiry and we will respond with a clear, itemised quote within 1 business day.

Off-Site Destruction

Collection and certified destruction of paper documents and materials at our secure facility.

  • Volume — estimated weight or number of boxes / bags of material
  • Location — collection address within Miri and surrounding areas
  • Type of materials — standard paper, files, bound volumes, or mixed media
  • Witnessing / remote monitoring — if you wish to observe the destruction
One-off collection: Ideal for archive clear-outs, office moves, or periodic purges. Priced per collection.
Most Popular

Scheduled Collection Plan

An ongoing collection programme on your chosen frequency — weekly, fortnightly, or monthly.

  • Collection frequency — weekly, fortnightly, or monthly
  • Volume per cycle — estimated volume per collection visit
  • Number of locations — single or multiple collection points
  • Reporting requirements — standard or consolidated certificates
Best value: Regular clients on scheduled plans benefit from consistent service, priority scheduling, and consolidated documentation for compliance.

Hard Drive & Media Destruction

Physical destruction of hard drives, SSDs, USB drives, tapes, optical discs, and other digital storage media.

  • Quantity — number of drives or media items for destruction
  • Media type — HDDs, SSDs, tapes, optical media, USB drives
  • Serial number logging — per-device certificate documentation
  • Witnessing / remote monitoring — optional for high-security requirements
IT asset disposal: Particularly suitable for companies upgrading hardware, decommissioning servers, or clearing end-of-life IT equipment.
What to Expect

How Our Quoting Process Works

We keep it simple. No hidden charges, no confusing packages — just a fair price based on what you actually need.

01

Submit Your Enquiry

Use our contact form or call us directly. Tell us your service type, estimated volume, and location. No commitment required.

02

We Assess & Quote

Within 1 business day, we will review your requirements and provide a clear, itemised quote — no vague estimates.

03

You Decide

Accept the quote on your own timeline. There is no pressure and no obligation. We are here when you are ready.

04

We Handle Everything

Collection, destruction, documentation — we manage the entire process and deliver your Certificate of Destruction promptly.

Common Questions

Pricing FAQs

No. We do not impose a minimum volume. Whether you have a single box of documents or an entire archive room, contact us and we will recommend the most cost-effective approach for your situation.

No. Our quotes are fully itemised and transparent. The Certificate of Destruction is included in every service — it is not an add-on. If serial number logging per device is required for hard drive destruction, we will include this in the quote so you know exactly what you are paying for.

Never. All consultations, site assessments, and quotes are completely free of charge with no obligation whatsoever. We believe in earning your trust before asking for your business.

Yes. Clients on scheduled collection plans or those with consistently high volumes benefit from more favourable rates. When you submit your enquiry, let us know your expected frequency and volume and we will factor this into your quote.

Quote Estimator

Get a Ballpark Figure

Not ready to call yet? Use our estimator to get a rough sense of cost before you enquire. Every quote is confirmed free within one business day.

RM —
Select your options above to see an estimate.

Ready for a Free Quote?

No obligation. No pressure. Just a clear, honest price based on what you need.

Chat with us