“As of 2026, factory reset does not reliably erase all personal data from electronic devices, and significant amounts of recoverable personal information remain on many second-hand devices sold or recycled worldwide.”

Many companies still assume that a factory reset or standard data wipe is enough to protect user information. That may have been true ten years ago, but in 2026, these methods don’t come close to the security needed for commercial device turnover. Traditional resets fail for several reasons: Residual data remains recoverable through forensic tools.

Previous investigations showed that the threat of remnant data on second-hand or recycled electronics is real and serious. For instance, they demonstrated that more than half of the second-hand storage devices include remnant data—in clear or recoverable through specific tools (i.e., widely available forensic tools). These studies reported recovering business documents, medical case reports, financial information (e.g., credit card pin numbers or private keys associated with crypto assets), personally identifiable information (e.g., vehicle registration numbers, phone numbers), and even highly sensitive data such as photos of an intimate nature and pornographic content.

While a factory reset removes user access to data and restores the operating system to its default state, it does not necessarily erase the underlying data at the physical level. Logical deletion occurs when the system removes file pointers or references, marking storage as available while leaving the actual content intact until overwritten. This allows previously stored data—such as messages, photos, or app information—to be potentially recovered with forensic tools.

Following a complaint alleging insufficient wiping of returned devices, the OPC launched an investigation into the organization's internal practices. The investigation found that the organization had not implemented adequate measures to protect personal information from unauthorized access or disclosure, particularly due to inadequate internal policies and training, and the absence of effective control mechanisms. In its conclusions, the OPC states that, to be considered adequate under principles 4.7.1 and 4.7.3, wiping procedures must comply with the device manufacturer's guidelines for resetting and wiping data.

Research and practical experience show that residual data often remains, including messages, photos, emails, app data, and account credentials. Standard resets do not always overwrite all storage areas, meaning some information can still be recovered with specialized tools. A research paper from Cambridge University found that even after performing a factory reset on Android devices, certain partitions still retained data generated during device use.

A factory reset does not always permanently delete data. A reset removes access to files, but it may not erase the data itself. On many devices, data can still exist until new data overwrites it.

A factory reset doesn’t instantly and permanently erase all data. On flash memory devices (like the storage in your Android phone), the reset process typically does two things: 1. Deletes the Encryption Key: Modern Android phones (Android 6.0 and later) use full-disk encryption. A factory reset wipes the key needed to decrypt the data, making the old data inaccessible to unauthorized users. 2. Removes Pointers: It removes the “pointers” or “table of contents” that tell the operating system where a file physically begins and ends. The actual data remains on the chip, marked as “available” to be overwritten by new data.

While being more affordable and environment-friendly than brand-new products, transactions of second-hand products can create new security and privacy threats. The problem can be even more severe if the second-hand product has storage capabilities, including but not limited to smartphones, tablets, laptops, hard drives, memory cards, or USB sticks. Such devices could include some so-called remnant personal data (i.e., data that can still be found on the device) or malware.

A factory reset on a Windows Phone simply removes data pointers. The actual data remains intact and can be recovered with basic tools. In a 2015 study by Blancco Technology Group and Kroll Ontrack, researchers purchased over 120 used phones online. They found that 35% of those phones still contained recoverable data—including texts, emails, photos, and more.

An analysis of secondhand mobile devices found that 35% still contained recoverable data even after being factory reset and resold. This highlights the risks of relying solely on factory resets without a disposal plan. Even if you erase your data manually, it might not be enough. Often, deleted files can be recovered with the right tools.

When devices reach end-of-life, the data stored on them doesn't simply disappear. Even deleted files, reformatted drives, and “factory resets” leave data potentially recoverable without proper standards.

NIST SP 800-88 Revision 1 (updated 2014, still authoritative in 2026) classifies factory resets as 'Clear' method, suitable for low-risk data but insufficient for sensitive information as it does not guarantee non-recoverability by advanced forensic tools, especially on SSDs and mobile NAND flash.

A factory reset does not guarantee the irrecoverability of sensitive data. Depending on the device model, encryption, and how the factory reset was performed, data may still be recoverable in some cases. The risks are especially high for older Android models with unencrypted storage.

In 2026, data recovery technology has become very mature, and there are many methods you can try to recover formatted files. This article will provide you with detailed information on free formatted data recovery methods to help you recover important files lost due to formatting.

Treat suppliers as part of your risk profile. Most serious breaches involve third parties. Check their security, contracts, and data handling practices before you share anything.

Secure erasure ensures compliance with strict regulations, prevents breaches, and enables device reuse while minimizing e-waste.

Factory reset isn't enough by itself to securely erase data before selling a phone in 2026.

61% of Americans say limiting access to their personal data is very important, but 33% admit to taking only moderate care in protecting it. 56% are concerned that wearable devices could reveal personal lifestyle details to companies, making wearables a top data privacy concern.

Tech companies rely heavily on third-party providers, including cloud hosting services, payroll and HR platforms, analytics vendors, AI tools, CRM and marketing platforms, and messaging platforms. Third-Party Risk Is Employer Risk.

Supports recovery after factory reset, works on most Android brands. Firstly, free download and open iMobie DroidKit on your computer, then click quick recovery from device, then select quick recovery from device under recover lost data. Now you will see various data types that the program supports for recovery.

This video will show you 3 effective ways to recover data from Samsung phone after factory reset. Sometimes, we may have to do a factory reset to our Samsung devices to make the phone work. All data will be erased after factory reset Samsung.

Accidentally performed a factory reset on your Android or iPhone and lost all your photos, videos, contacts, and files? Don’t panic — in this video, I’ll show you how to recover data after a factory reset. Stellar consistently finds more recoverable files, especially after formatting or a factory reset.