How to make sure your old tech doesn’t reveal personal data

It’s easy to be blasé about the risks of not deleting personal data from old devices, but sometimes a cautionary tale demonstrates what’s at stake.

Many years ago, your correspondent was visiting his parents when the house phone rang. On the line was a stranger, who’d acquired the phone number from a very unusual source.

Six months earlier, the lady of the house had disposed of an old – and supposedly broken – Apple Mac Mini at the local recycling centre.

Yet instead of being crushed, recycled or deconstructed, it had been picked up by a self-declared tech scavenger.

He’d managed to get the computer working again, bypass Apple’s security settings (which were less rigorous than they are nowadays) and access the hard drive.

He’d successfully extracted personal data including secure webpage URLs, social media accounts – and the house phone number he’d just called.

This particular story has a happy ending. The scavenger was simply letting us know the information was out there, and asking what we wanted him to do.

One full factory reset later, the repaired iMac was wiped clean, and a chastened family agreed never to dispose of any electronic device without first purging it of personally identifiable information (PII).

Where do I start?

Having established the importance of deleting personal data from old devices, it’s time to consider how this is achieved in practice.

It’s not sufficient to drag items to a desktop recycle bin and empty it. Files – and useable fragments – might still be stored in the recesses of the hard drive.

Don’t assume only computers and smartphones can be pillaged for PII. Digital cameras, games consoles, tablets and even smart speakers should also be erased.

The first step is to ensure any PII you want to keep has already been removed. On a computer, this might include:

Save everything to files and folders on a replacement machine, in the cloud, on external storage media like a USB stick or a DVD-RW.

Open a few files at random to ensure they copied across without corrupting, giving you confidence to erase the originals.

Remove ejectable storage media (microSD cards, SIM cards and suchlike) from the device.

Next, log out of any accounts, websites or utilities – especially your Apple ID or Google account.

Deleting cookies helps to simplify the transition to another machine, where service providers won’t initially recognise you.

Factory records

Now it’s time to perform a full factory reset on the machine – the final stage in deleting personal data from old devices.

This process varies by platform, but the results ought to be similar.

On a Windows 11 PC, search for Reset This Device. On an Android 13 tablet or smartphone, go to Settings > System > Reset options > Erase all data.

Make a cup of tea while the formatting takes place, but don’t assume a blank screen means the process is complete.

Always test the device before selling it or throwing it away, to ensure it really has been reset to factory defaults.

If the reset hasn’t worked, you might need to run it again.

Once the device is restored to factory settings, you can investigate reselling or disposing of it. The Recycle Your Electricals website offers advice regarding the latter approach.