Typically, when you delete a data set, only the catalog, VVDS, and VTOC information is removed. The information on the disk or tape that the data set occupied is unchanged; only the means of locating and accessing the information is actually deleted. Until that space is used again, the information could be read by a program that can find the data.

To protect sensitive information, you can erase the information when you delete it. Information is erased by overwriting it with binary zeros before the space is made available for other allocations.

You can control the erasure of data with the Resource Access Control Facility (RACF®), the DEFINE command, or the DELETE command. Data is erased according to the following rules:

1. If the RACF generic or discrete profile specifies ERASE, the data is erased.
2. If ERASE is specified on the DELETE command, the data is erased, even if the RACF profile specifies NOERASE.
3. If NOERASE is specified on the DELETE command, the data is erased only if the RACF profile specifies ERASE. If NOERASE is desired, use a RACF command to change the attribute before using the DELETE command.
4. If a catalog cluster or alternate index is deleted, and it was defined with ERASE specified, the data is erased unless NOERASE is specified on the DELETE command.

For more information about the RACF ERASE attribute, see RACF-Controlled ERASE Options.