Journal Q&A (9/02)

Q: What is a virtual shredder?

A: The phrase "virtual shredder" refers to software that recognizes deleted files and overwrites "free" space with random information to prevent recovery of the original material.

When you delete a computer file, that area on the disk is marked "free." The deleted information actually remains on the disk until another file is written to the same place.

Certain kinds of software are capable of reading deleted information, making it possible to recover deleted files for legitimate (or harmful) purposes. For example, you might ask a data recovery company to retrieve a file you did not back up and accidentally deleted. An employer might use file recovery software to access deleted e-mail conversations to make sure employees use company computers appropriately. A hacker might use recovery software to steal and sell a health provider's patient health information.

Virtual shredding software may have a place in an organization's formal retention and destruction program. However, it is important to note potential shortcomings. For example, the software may miss temporary back-up files that the user does not see. E-mail may remain in other locations for years, even when the original message has been destroyed. Additionally, those who use the software to destroy files prior to the scheduled destruction date or in anticipation of a subpoena could be in violation of the law.

References

Associated Press. "Virtual E-mail Shredders Add Control." CNN.com/ SCI TECH, February 17, 2000.

Carr, Kathleen. "Meet the Shredder." CIO 13, no. 11 (2000): 40


Journal of AHIMA 73, no.8 (2002)