Versions Compared

Old Version 6

changes.mady.by.user Valerie Vogel

Saved on

compared with

New Version Current

changes.mady.by.user Valerie Vogel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Practical Information Media Sanitization Guidelines for Higher Education

Version 2.0: September 2009Last reviewed: July 2015

Background

Much sensitive and private information at educational institutions is recorded and maintained outside central information technology systems on various desktop and portable devices and removable media. This information is recorded and maintained by university and college community members including full and part-time faculty, administrators and staff members.

...

Since none of the open source or freeware tools listed above will work with computers running a Macintosh operating system, consider using Jiiva's SuperScrubber, which is a disk sanitization product for the Mac. MIT's Information Services & Technology Department provides examples of additional software options for Windows, Macintosh, and Unix.

...

  • Arizona State University
    Arizona State's Property Control Manual states that property must be disposed of through Surplus Property. It further notes that the releasing department must securely wipe hard drives and other data-containing medium before transfer to Surplus Property. But it additionally notes that if the department fails, Surplus Property computer staff will handle the task.
  • Auburn University
    Auburn's policy on electronic data disposal places responsibility for sanitizing devices and media with Deans, Directors and Department Heads. The policy requires data removal to DOD standards or destruction. The policy notes that OIT will sanitize equipment at standard hourly rates and discourages hard drive destruction.
  • Baylor University
    Baylor's disposal policy states that central ITS will handle all data removal and computer disposal. It further states that ITS will erase data to DOD specifications or will destroy the device.Central Michigan University
    CMU IT policy requires central IT data removal for assets being transferred to external surplus. User departments are responsible for data removal on internal transfers and the policy provides procedures and instructions.
  • Lehigh University
    The university's disposal policy requires that all data on hard drives be overwritten with zeros for disposal or for internal or external transfer.
  • New York Universityhttp://www.nyu.edu/asset/surplus-computer.html
    Asset Management disposal procedures requires that units certify the secure destruction of all data in computers or electronic storage devices prior to disposal. Units may use an approved vendor to sanitize equipment and certify data destruction or may follow ITS guidelines to sanitize equipment.
  • Northwestern University
    The NUIT disposal policy requires units to remove software and data before disposal or recycling. NUIT also provides a central service for formal disposal and suggestions for units that handle their own disposal.
  • Purdue University
    Purdue's university policies include this interim policy on the Proper Disposal of Electronic Media. The policy places the responsibility for compliance on department managers, defines protected information, and provides clear and concise data clearing procedures for disposal of common media types in a matrix format.
  • Rice University
    The Office of the VP for IT provides a policy requiring that all devices capable of storing information must be purged of all information before internal or external transfer. The using unit is responsible and may either securely delete the information with an approved tool or have Data Center Operations handle the process. Fees may be charged for large groups of items.
  • Temple University
    Temple's Computer Recycling Center (CRC) web page specifies that the user must make certain that the hard drive of any computer being sent to the CRC has been erased and is free of any university data. The CRC is funded by a fee charged on all new university computers.
  • University of California at Berkeley
    Business Services policy requires removal of "...licensed, personal, sensitive, or University software..." for disposal. The policy states that departments are responsible for removal and prohibits destruction of hard drives.
  • University of Florida Data Destruction - Securing Media for Disposal/Transfer and Media University of Florida Media Reuse and Data Destruction Standards for IT Workers
    Asset Management Services requires that data be destroyed in accordance with university standards for disposal. IT's media reuse and destruction standard specifies procedures and guidelines and provides links to an extensive list of resources.
  • University of Hawaii System Disposal Guidelines for Unused Computer Equipment and Securely Deleting Electronic Information
    IT provides a policy on transfer and recycling of computer equipment. The policy includes a requirement to securely delete personal information as well as suggestions for recycling resources, programs, and vendors. The policy links to an "ask us" document with secure deletion procedures, tips, and instructions. The document also covers cell phones, PDAs, and storage media.
  • University of Illinois
    The University of Illinois provides an Administrative Policy on Disposal of Digital Media as well as a Standard for the Disposal of Digital Media. Both are available in the EDUCAUSE Resource Library at the above URL. The administrative policy covers university compliance with digital media disposal requirements under Illinois law and references the new standard. The standard itself provides detailed procedures for sanitizing media commonly used in higher education, guidance on compliance with Illinois law, and references to useful federal sanitization documents.
  • University of Iowa
    The CIO policy requires that "...computer and digital storage media must have all institutional data and licensed software reliably erased from the device prior to its transfer out of University control, and/or the media must be destroyed, using current best practices for the type of media." The policy includes links to resources for disposal and destruction.
  • University of Minnesota Computer Recycling, Secure Data Deletion Standard, and Destroying Data
    UMN's OIT unit provides overall computer recycling through a 3rd party vendor. The data deletion policy places the responsibility for deletion on the party responsible for placing non-public information on a computer, and provides a list of deletion software and techniques.University of Nebraska Lincoln
    Information Services' disposal policy requires units to remove software and data before disposal or recyclingand provides a list of deletion software and techniques.
  • University of Pennsylvania Computer Recycling and Disposal Options and Guidelines for the Destruction of Confidential Records
    The university's IT and Archive policies and recommendations specify removal of sensitive data from computers before disposal. They also recommend checking software license terms to see if the software must be deleted before transfer. The recommendations include information on removal techniques and vendors.University of Rochester
    UIT's policy on data deletion places the responsibility for secure deletion on the area disposing of a computer. The policy also includes a list of disk cleaning software resources.
  • University of Washington
    University Facilities Services Surplus Property unit purges data from surplus university computers using Department of Defense approved data destruction software following DOD guidelines or by destroying hard drive platters. Departments are expected to practice due diligence by deleting all files prior to surplussing their equipment, especially files which contain confidential data, such as personnel, patient, legal, or student information.

...