Avoid ID theft and protect personal data when getting rid of a gadget

Don't recycle, trade in, sell, or donate a device without wiping it clean

Last updated: February 2014

Nearly 60 percent of Americans use three or more Internet-connected devices at home across three different operating systems, according to a recent survey by the Internet security company AVG. With so many gadgets connected to online marketplaces, credit-card and Social Security numbers, banking information, passwords, family photos, and more accumulate in places you might not expect—say on that 7-year-old Nintendo Wii collecting dust on a shelf in your family room or on a hard drive you used to back up your PC at some point very early in President Obama's first term.  

You might be in the market for a new computer, gaming system, or smart phone for yourself or a family member. Unless you're a hoarder, buying a new device means you'll likely be recycling, trading in, selling, or donating an aging gadget, making it essential to keep sensitive data from getting into the wrong hands. The results could also be devastating: Just ask anyone who's been the victim of identity theft.

Erasing isn't enough

Taking the basic steps—deleting data from or reformatting a computer hard drive, or doing a factory reset on a smart phone or tablet—might be enough to discourage identity thieves. But this approach is far from a guarantee, and it won’t stop someone who’s specifically after your files, accounts, or photos.

And even if you find, identify, and delete all sensitive files on your device, that doesn’t mean a savvy thief can’t recover them fairly easily using data-recovery software. Some of those programs are as easy to use as any basic software and app, and many are free.  

To ensure that your files aren’t easily retrievable, you'll have to resort to more drastic measures. Most will take some time, but the effort is worthwhile and will provide greater peace of mind.

Check for removable media

First, back up the content you want to keep. Then check your device for any removable storage. For computers, that means checking the DVD drive, card reader, floppy drives, and USB ports for old or forgotten media.

In addition to internal storage, non-Apple phones and tablets often have a tiny removable microSD memory card, which houses photos and other media files and sometimes app data as well. The card is likely hiding beneath the back battery cover, near the SIM card slot, or even behind the battery. You’ll want to remove it and, if your phone has one, the SIM card, since it contains your phone number and probably at least some of your contacts.

For digital cameras or media players, removing the memory card is the obvious step. But remember that many devices, particularly older digital cameras, have some internal storage as well. So connect the device to your computer via USB and delete or remove internal-memory files.

Personal computers

When you're recycling your old laptop or desktop, the simplest and most secure solution is to physically remove the hard drive. You can then install the old drive in your new computer, or put it in a USB hard drive enclosure and use it for backup or portable storage. But if screwdrivers intimidate you or you want the computer to remain functional so someone else can use it, you’ll have to invest a lot more time.

To make sure your personal data isn't recoverable by reasonable means, do a secure wipe: This not only deletes your data but also overwrites the data a certain number of times, which makes the data much more difficult to retrieve. Unless you're worried about corporate espionage or government intervention, three passes is generally sufficient. After that, some of your data may still be retrievable, but it would take a significant amount of time and expertise to do so.

You can also securely erase a Mac or PC by making a free bootable DBAN CD or flash drive. When you boot your computer with DBAN, you can choose various levels of secure erasing and select which drives you want to erase, if the computer has more than one. Or you can type "autonuke" to securely erase all drives. (For PCs, you can also use secure file erasers such as File Shredder, Eraser, and Freeraser to erase individual files and folders instead of the whole drive.)

DBAN is a good choice as long as you don't want to repurpose the PC with the OS intact. If you're on Windows 8, though, you can do a factory reset with Windows reinstalled, with an option to do a secure erase in the process.

Secure erasing can take several hours or even days to complete, depending on the size of your drives, so don't do this the night before donating or selling your device.

You can also this method to erase external portable hard drives securely. Just take care to erase the correct drive and not a drive with data or an operating system that you want to keep.

Smart phones and tablets

The easiest way to securely erase a smart phone or tablet is to encrypt the device first, then do a factory reset. First, though, remember to back up any files you want to keep and remove the microSD and SIM cards.


Apple generally does a better job of securely erasing your personal data than Android. For the iPhone 3GS or later, third-generation iPod Touch or later, and all iPads, device data should automatically be encrypted if you have a passcode (screen lock) enabled. The passcode is used to generate an encryption key, and when you factory-reset your phone, the passcode and encryption key are securely deleted. Any data that’s left behind is securely scrambled, and thereby inaccessible to all but the highest-level data-recovery experts.

If you haven’t already set a passcode in iOS, you can do so by tapping Settings, then General, then Passcode.

Also check on this screen to make sure that data protection is enabled; if it isn’t, toggle it on.

Once encryption is enabled, head back into Settings, then General, then Reset. You’ll see a warning that the next step will erase all your media and data, followed by a red Erase button. Hit this and after a few minutes, your iPhone, iPad or iPod touch is ready to sell or trade.


Many Android phones and tablets, particularly older devices, don’t support hardware-based encryption. But you can enable encryption via software. Just know that encryption may slow your device’s performance, and it can’t be disabled without resetting your phone.

Plug in your Android device before encrypting, as the process can take more than an hour, depending on hardware and the amount of storage on your device.

You’ll also need to set up a PIN or password (not pattern unlock or face recognition) if you don’t have one already, as the device uses your password to generate the encryption keys. Go to Settings, then tap Security, then Screen Lock, and PIN or Password. Then create a PIN or password.

Now you’ll be able to encrypt your Android device. Go to Settings again, then Security, then Encrypt phone (or tablet). A warning screen will advise you that the process will take time and can’t be undone without resetting your phone or tablet. You’ll also have to provide your PIN or password before proceeding.

After your device has finished encrypting its data and rebooted, you’ll have to again enter your PIN or Password to get back into Android. Once there, you’re ready to factory-reset the device.

Because different device makers tweak Android to their own liking, the instructions for this next step (and Android instruction in general) will vary from device to device.

For recent Samsung devices, go to Settings, then Accounts. Scroll down to Backup Options, tap Backup and Reset, then Factory data reset.

For Nexus devises such as the Nexus 7, go to Settings, then scroll down to Backup & reset, right above Accounts. Tap that, and then hit Factory data reset.


The BlackBerry OS has changed so much over the years that providing detailed steps to encrypt and reset every device is impossible. But the basic steps are quite similar to those of iOS and Android, and should roughly line up with the instructions below.

Go to Options, Security Options, General Settings, and set a password.

Then set Content Protection to Enabled. Choose the option to encrypt your address book as well.

Once that’s done, make sure your phone or tablet is plugged in, then follow these detailed instructions from BlackBerry to reset. Or just dive into Settings, tap Security, then tap Security Wipe.

Enter your password, confirm that you want to reset the device, tap the Wipe Data button, and wait for the process to finish.

Windows Phone

Most older Windows Phone 7 devices lack on-device encryption. Newer Windows Phone 8 devices do support encryption, but the average consumer can’t switch it on: Encryption must be enabled via one of two paid business-class services, either Microsoft’s Exchange business e-mail client or the Intune enterprise cloud-based device-management system.

That means device encryption isn’t an option for the average Windows Phone consumer, so you’ll have to go to a bit more trouble to securely erase your data.

To reset your Windows Phone, go to Settings, then About, then Reset phone. In Windows Phone 8, you’ll have to tap through two warning screens before deleting all your data.

Since you weren’t able to encrypt your old data before deleting it, you can then force the device to overwrite your old data by manually filling up the phone’s internal storage with nonpersonal files. Any small files that don’t contain personal data will work. MP3 files are a good choice, because most people have enough of them to fill up a phone.

Unfortunately, for older Windows Phones, you can’t just connect the phone to a PC and drag files over. For Windows Phone 7 devices, you’ll need to transfer the files via Zune software.

For Windows Phone 8, on a PC, you can drag files onto the device using Windows Explorer. For Macs, you can use the Windows Phone app

However you get the music or other nonpersonal data onto the device, you’ll need to keep adding files until the phone is completely full. For added security, when the phone is full of music files, you can delete the files you added, then fill the device up again, and factory reset the phone a second time.

Gaming consoles

Photo: Sony

There’s no easy way to do a secure wipe of game-console storage, so you’ll have to rely on the standard factory reset. In the case of the Microsoft Xbox or Sony PlayStation 3, you can physically remove the hard drive and hook it up to a PC or Mac, and securely erase it via the method mentioned above. But generally, the sensitive data on consoles is stored in nonremovable Flash memory.

As we noted earlier, you’ll want to remove any media cards and either keep them, or securely erase those as well before placing them back in the system. You can securely erase standard SD cards with this free app from the SD Association.

After installing and starting the SD formatting program, choose the card’s drive letter on your system, then click the Format button on the bottom.

Then from the resulting menu, choose Format Type: Full (OverWrite). Again, this will take quite a bit of time, depending on the SD card’s capacity and write speed.

Xbox 360

To reset the Xbox 360, first remove any parental controls. Under My Xbox, go to System Settings, then System Info. Here, you’ll need to write down your device’s serial number, which is displayed at the top.

Then back out one menu level, and select Memory, press the Y button for Device Options, and select Format.

Hit Yes, and you’ll be asked to enter the serial number you just wrote down. Do that, then confirm that you want to erase the system, and the process will begin.

Nintendo Wii

Before resetting your Wii, first delete the Wii Shop Channel, which stores your account and purchased games. To do this, select Wii Shop from the main menu, then click Settings and Features, then hit “remove Wii shop channel account.”

Once that’s done, reset the Wii to factory settings by clicking the Wii button from the main screen, then selecting Wii Settings. Click the arrow on the right twice to get to the third settings page. Then select Format System Settings.

If you have parental controls enabled, you’ll have to enter your PIN. Then select Format, and your Wii will begin the factory-reset process.

Sony PlayStation 3

The PlayStation 3’s factory-reset process is the most arduous of modern consoles, but it is thorough.

First, you’ll need to deactivate each account that has access to the device. For each profile, log onto the PlayStation Network, and click Account Management. Then click System Activation, choose PS3 System, then select the Game category, and choose Deactivate.

Now go back one menu level and select the Movie category and deactivate that as well. Repeat these steps for all accounts that access your PS3. Now, you’ll need to log in to each user account on the console, and delete the accounts, one by one. Select the user, press the triangle button, and select Delete.

Last, go to Settings, then System Settings, and select Format. Choose Format Hard Disk, then Yes to confirm formatting the device.

Nintendo 3DS handheld consoles

To remove all of your personal data from these gaming gadgets, go to the System Settings icon on the lower touch screen (the icon with the wrench symbol). Within the System Settings menu, select Other Settings, then scroll over to the fourth menu page and select Format System Memory.

At this point the system will prompt you to delete your Nintendo eShop account. The eShop is Nintendo’s equivalent of iTunes, but it is tied to your device, and this is where your credit-card and purchase information is stored, so you'll want to make sure to delete the account. Just open the Nintendo eShop and select Menu. Select Delete Account and then confirm.

Formatting the 3DS will not wipe anything you have stored on the removable SD card, so remove it.

PlayStation Vita

As with the PlayStation 3, you have to deactivate the PlayStation Vita before wiping it. Sign into the PlayStation Network, then open the Settings menu.

From there, select Start, PlayStation Network, and then System Activation. Follow the onscreen instructions to deactivate the device. This can also be accomplished by logging into your account at https://account.sonyentertainmentnetwork.com/liquid/login.action. From here, you'll be able to see all the devices you have activated on your account.

Once the Vita is deactivated, you can use the Restore function to completely wipe your data from it. To do this, open the Settings menu again. From this menu, choose Start, then Format.

Here you'll be given the option to format the Memory Card. Make sure to do that, because the Vita uses a proprietary memory card, so you won’t be able to wipe it on a computer. Then return to the Settings menu, choose Format, and choose Restore the PS Vita System. Follow the onscreen instructions to finish formatting the device. Remove any game cards or memory cards from the Vita before you sell or recycle it.

Bottom line

Remember, even if you follow our advice to securely delete files from electronic devices, the only foolproof way to make sure no one can retrieve your data is to physically destroy hard drives and memory chips (following proper safety precautions). Of course, if you smash your device, you won’t be able to sell it, trade it in, donate it, or give it to a friend.

If your devices ever contained top-secret documents, you may want to look for a hammer. For the rest of us, the methods above should be reasonably sufficient to keep your personal data safe.

—Matt Safford


E-mail Newsletters

FREE e-mail Newsletters!
Choose from cars, safety, health, and more!
Already signed-up?
Manage your newsletters here too.

Electronics & Computers News


and safety with
subscribers and fans

Follow us on:


Cars New Car Price Report
Find out what the dealers don't want you to know! Get dealer pricing information on a new car with the New Car Price Report.

Order Your Report


Mobile Get Ratings on the go and compare
while you shop

Learn more