Prepare for repair: safeguarding your data

In yesterday’s article about preparing a Mac to go in for repair, I explained how important it is to clean it physically. The other important issue is how to safeguard any data which might be on it.

There are two sides to this: ensuring that you don’t lose any data or documents from it, and ensuring that documents on your Mac which are sensitive cannot be accessed while it is out of your control.

The best option is now sadly almost unavailable: to take your Mac in to an authorised Apple engineer, and to watch as it is checked, diagnosed, and fixed. If you still have that available, you are very fortunate indeed.

Avoiding data loss

In all other cases, your Mac will go out of your sight for days, and when it returns it could have a new logic board or motherboard, and new internal drive. So you should plan that everything on your internal storage will be completely wiped. This means performing at least one full backup before it leaves your hands; if you like belt and braces, you might have a current Time Machine backup and a mirror copy made using Carbon Copy Cloner onto an external drive.

You might also like to ponder what to do about apps which have to be authorised on a particular Mac before they will run. If your Mac returns, say, with a new motherboard and drive, it is most unlikely that the vendor’s checking system will recognise that as your old Mac. If you are worried about this, deauthorise such products on that Mac before sending it for repair, then authorise them again when it returns.

If it is your internal storage which has failed, then this can be a challenge, but all you can do is the best that you can.

Protecting sensitive data

Ensuring that sensitive documents and other data are not accessed is a bit more involved. Apple’s official service agents around the world do normally take great care to prevent personal data from ‘leaking’ from customers’ systems. If you have personal information which is of only limited value – accounts, tax returns, address book, diary, for example – then you may decide that there is no risk from an official repairer, or when in transit. In that case you should be able to leave your internal drive as it is.

This gets more involved when the data on your drive are sensitive, and most of all when you have a legal responsibility to protect them – in the UK, under the Data Protection Act, for example. If this is a laptop, then you should already have its drive encrypted using FileVault, or possibly just the sensitive files using a good encryption product.

If your drive is encrypted, then you must provide the repairer with your admin password or temporary admin privileges, so that they can obtain access to the encrypted drive. And that is where the problems start.

In theory, what you might do then is additionally encrypt all your sensitive data, so that even with full access to your encrypted drive, those files cannot be opened. But if someone were determined to gain access, they might be able to recover unencrypted copies of the files from an SSD, which can leave data accessible for some time (as can a hard drive too, in the right circumstances).

If you really do need to ensure that no one in the service centre can access any of your sensitive data, the only way to approach this is as if you were disposing of that Mac completely, detailed here. So you would need to prepare it by erasing the internal drive, overwriting it a reasonable number of times, then installing a fresh copy of macOS, but without FileVault’s encryption.

Perhaps the best advice, if this is the case, is to contact the repair centre and make suitable arrangements direct with them. This might involve your removing the internal storage before you send it off.

One final concern for those with sensitive data on their internal drives: what if the repair centre has to replace the drive? What then happens to your old drive, which could still contain recoverable data? If you have had full disk encryption active using FileVault, your data should still be safe. You may, though, wish to check with the repair centre as to what they do with their old, dead drives. They should physically destroy them, of course, but it never hurts to check.