This Procedure sets out the University’s required process, per the Records Retention Policy, for disposing of sensitive electronic records and devices containing such records. University employees are required to follow these procedures when disposing of devices and storage media that contain, previously contained, or may have contained Sensitive or High Value Sensitive Data as defined by the Sensitive Data and Security Policy, which will be referred to as “sensitive data” in this procedure. If an employee wishes to utilize an alternative process to the secure destruction procedure described below, then they must obtain the prior written approval of the CIO or the Director of IT Security.
Scope: This procedure covers all employees of the University who are in possession of sensitive data and particularly employees involved with the destruction of data, the destruction of electronic media and devices, and/or the disposal of media and devices.
Procedures for Secure Destruction by Device Category:
When a computer or its removable hard drive (HDD, SSD, or similar technology), regardless of the data contained, but especially when known to contain sensitive data, is replaced or removed from use, it initially will be stored securely. Before any drive would normally be placed back into University use, unless it is known to not contain sensitive information, it must be securely deleted. Drives that are known to or may possibly contain sensitive data, and any drive leaving the University must still be securely deleted.
To securely delete a hard drive, an ITS technician will place the hard drive into a purpose-built Duplicator, as listed in the Attachment, with a “wipe” function and perform a complete wipe/overwrite. In the case of non-removable storage, a Whole Drive Secure Deletion tool, as listed in the Attachment should be used to perform one complete wipe/overwrite. For specialized drives or devices that are not readily deletable using conventional methods, the ITS technician will research an appropriate wipe, secure deletion, or physical destruction method with the device manufacturer and verify the methodology with the Director of IT Security or the CIO.
When a USB drive containing sensitive data needs to be discarded, an ITS technician will attach the USB drive to a computer and run an approved Granular Secure Deletion tool, as listed in the Attachment. The ITS technician will then run the program, performing one complete overwrite.
When any form of media, which is inserted into a desktop drive, containing sensitive data needs to be discarded, the media must be physically destroyed. This is most easily accomplished by using a pair of scissors to cut the media in half. It is also acceptable to send the media through a shredding device. This does not necessarily need to be performed by an ITS technician.
When data on tapes from enterprise backups effectively ages out due to retention schedules, and is not subject to any current litigation holds, those tapes may be “blanked” for reuse by backup software and securely retained until they are reused, or if no longer needed, they may be destroyed as detailed below.
When a backup tape needs to be permanently discarded, the backup tape may be sent through a degaussing device or physically shredded using a commercial shredding vendor. Because it is difficult to determine which specific files are on which specific tape, all non-reused backup tapes are subject to this policy. If an area has backup tapes but does not have a degaussing device, they can provide the backup tapes to ITS for degaussing. Once the backup tapes are degaussed, they can be discarded.
If a device or piece of media is unable to be read, it must be either degaussed or physically destroyed. If an area is unsure of how to do so, or does not have a degaussing device, they can contact the IT Service Desk.
An ITS technician will physically destroy the device or degauss it, depending on which is more appropriate.
DBAN - https://sourceforge.net/projects/dban/ - 2.3 and above
Eraser - http://eraser.heidi.ie/download/ - 6.2 and above
note: Substitutions and replacements for the above technologies are to be evaluated by support staff with Director of IT Security as needed