It appears that in many cases, there is no way (short of physical destruction) to securely delete data from an arbitrary SSD. Unfortunately, I do not know how an individual (not a business) can destroy a drive without violating HAZMAT laws.
Should I just stick with HDDs? I know I can erase those securely.
Either way there are risks, but the best solution is to use full-disk encryption.
With SSD's, there is the risk of data that is left readable by technical tools in areas of the drive that have been removed from service by wear leveling.
But the same thing applies to hard disk platters, which likewise "house keep" in this fashion.
I am not aware of any physical destruction issues that would apply only to SSD's that would not also apply to modern hard disks (which have circuit boards, flash chips, etc.
It seems to me the solution is to initialize the SSD (or physical platter hard disk), out of the package, with your favorite secure full disk encryption software; and rely on the security that provides. If you want further assurance, then there are services that will reliably grind used hard drives into metal, plastic and epoxy confetti.
You can wipe a SSD if you write enough information on it. If you zero it 10 times over, you can work around the wear leveling.
If you really want to destroy the data (and probably the disk), just run (on Linux) something like this:
while true; do
dd if=/dev/urandom of=/dev/sda bs=4M oflag=direct
done
And let it run for a day or two. No matter how good the wear leveling is, it will overwrite the data a lot of times. It probably will ruin the disk too.
SSD devices have a special command ATA Secure Erase that will instruct the firmware to release all data stored on every sector of the disk. According to NIST (U.S. National Institute for Standards and Technology), ATA Secure Erase is an effective and secure way to meet legal data sanitization requirements against attacks up to laboratory level.
It works different on SSD devices with and without encryption.
On devices that does not perform encryption, the controller is instructed to send a voltage spike to all sectors, resetting every block of data.
On devices that employ transparent encryption, only the key is changed. There's no way to recover the key, and even if the data is not changed, it's impossible to decrypt without the proper key.
Is possible to use hdparm on Linux to execute a Secure Erase on a SSD.
A study from Michael Wei et al describes a lot of ways to properly erase a disk, and shows that some firmware bugs and missteps can prevent the disk from being secure erased. So, a hybrid approach (Data overwriting and ATA Secure Erase) would suffice to destroy the data.
I would not sweat it. Even a platter-based drive can be recovered because the magnetic zones are two-dimensional areas and when you "erase" the bit in the area, it just erases the center of the area.
If the data is so secretive that you feel a need to wipe the drive you are better off just destroying it with a drill. Thorium's suggestion of just randomly writing things to every bit on the drive repeatedly is valid too; just be sure to write to every single bit 5-10 times.
You can do the same thing with an SSD. Just drill a hole or two through it.
Data drives are not "hazardous materials".
