Topics Map > Safety and Security
Security Compliance, Electronic Data Storage Device Disposal
Q: What's the university policy regarding disposal or surplus of electronic storage media and/or storage devices?
Q: What actions must I take before releasing or disposing of storage devices or storage media?
Storage Device or Media |
Action (at least one must be performed) |
|
---|---|---|
High-risk data (Health information/PHI, payment card, SSN, DL#, banking, export control, compartmentalized, etc.) |
HDD (magnetic, spinning-platter type) Magnetic Tape Other2 |
Crush/Shred1 |
High-risk data |
M.2 SSD Flash |
Crush/shred1 |
Sensitive data (FERPA, etc.) |
M.2 SSD Flash |
Overwrite/scrub (must be verified) Crush/shred1 |
Sensitive data |
HDD (magnetic, spinning platter- type) Magnetic Tape Other2 |
Overwrite/scrub (must be verified) Degauss Crush/shred1 |
Sensitive data |
Encrypted storage3 |
Verify device is completely encrypted, then delete all encryption keys such that they are completely irrecoverable and officially document.4 |
Internal data & Public data |
M.2 SSD Flash |
Overwrite/scrub Crush/shred1 |
Internal data & Public data |
HDD (magnetic, spinning platter- type) Magnetic Tape Other2 |
Overwrite/scrub Degauss Crush/shred1 |
Internal data & Public data |
Encrypted storage3 |
Verify device is completely encrypted, then delete all encryption keys such that they are completely irrecoverable and officially document.4 |
1 - Physical destruction should be performed by the universality's in-house Surplus team.
2 - Other includes optical media (e.g., CDs or DVDs), magnetic media (e.g., tapes or diskettes), disk drives (e.g., external, portable or disk drives removed from information systems).
3 - Any university-managed device with strong, full-disk encryption for its entire service life including both flash and magnetic storage types
4 - File-level encryption does not meet this requirement, nor does a device that was unencrypted for any length of time. Actions must be complete and auditable
Q. What do you mean by "scrub" or "overwrite"?
A. On spinning-platter and magnetic type hard drives, scrubbing or overwriting means writing over each bit with random ones and zeroes.
For flash memory and SSDs a different approach must be taken because it operates differently than magnetic media. Most SSDs have special data purge commands built into their hardware. These should overwrite the data in multiple passes using a pattern in the first pass and a complement in the second pass.
Q. How might I scrub or overwrite a digital storage device?
- Dell: https://www.dell.com/support/kbdoc/en-us/000146892/dell-data-wipe
- HP: https://support.hp.com/us-en/document/ish_7095884-7095936-16
If the manufacturer doesn't provide a utility to securely wipe a drive, a third party utility may be used. The table below are provides generic utilities that may be used to meet the requirement.
Type | Tools | Note |
---|---|---|
HDD |
To use |
|
SSD (ATA) |
To use hdparam , boot to a Linux live-boot CD or USB. |
|
SSD (NVMe) |
To use nvme , boot to a Linux live-boot CD or USB. |
When using a Linux live-boot CD or USB, make sure that the distribution you use has the tool needed. Note that these tools can be very effective (and destructive!) when used in this way. The precise syntax of each command may vary. See your local info or man pages to ensure correct syntax before executing.
Q. How do I fill out the Data Scrub Label?
A. (For non-IT Professionals) Find an IT Professional proficient on the platform (Windows/Mac/Linux/etc) in question and request that they perform the task.
(For IT Professionals) Below are the steps to fill out the Data Scrub Label (listed under "Additional Resources").
- Affix a Scrub Label to the front of the item to certify that you have removed the data.
- Write the name of the unit or organization name that owns the device (e.g., School of Engineering IT).
- Write the PTag of the device if it has one. Otherwise, write a short description (e.g, Red SSD 256 GB).
- Write the serial number of the device if it has one. Otherwise, write "N/A".
- Please circle the Data Classification that was on the device before the scrub.
See: Security, Data Classification - On the next three lines check the appropriate action(s):
- Check and then circle "Data Overwritten" if the data was overwritten. Check and then circle "Digitally Reset" if using a drive management tool such as
hdparm
. - Check "Inoperable Device" if the device is inoperable and cannot run data elimination software.
- Check "Encryption Key Destroyed" if the encryption key was destroyed for the storage volume.
- Check and then circle "Data Overwritten" if the data was overwritten. Check and then circle "Digitally Reset" if using a drive management tool such as
- Describe briefly what was used to overwrite the software (hardware or woftware).
- Print your name and title.
- Sign and date the task was performed.
Q. Can I trust that the data is irrecoverable after scrubbing?
A. To an extent, but the only completely risk-free way of purging data is physical destruction. If you are concerned enough to ask the question, physical destruction is probably the answer.
Q. Can I just RMA or throw away a digital storage device?
A. No. The device must be scrubbed, overwritten, or destroyed before it is released or discarded, per the data classification requirements.
Q. What if the device to be RMA'd or discarded is broken?
A. All broken storage devices with University data are required to be degaussed or destroyed before they are released.
Q. What needs to be done before sending a machine to surplus?
A. Before sending a drive to Surplus:
- For a functioning drive, erase it to campus policy standards (see above), and send it to Surplus.
- For a non-functioning drive, write "DEGAUSS" on it. When you have collected enough drives, send them to Surplus to be degaussed. The Surplus team has a degausser on site. If chain of custody needs to be maintained special arrangements can be made with the Surplus team ahead of time so IT Pros can witness degaussing operations.
See the OBFS page on how to Dispose of Unneeded Equipment.
Q. What services can I use to procure hard drive destruction and what must I do?
A. For HDDs with Sensitive data and below, overwritting (at least one full pass) or degaussing are acceptable forms of data destruction. The Surplus Warehouse has an industrial degausser. See above.
For HDDs with High-Risk data system managers must complete the High-Risk Data Storage Device Disposal Preprocess Protocol found in the IT15.2.2 control.
Q. Are there any steps I should take to ensure compliance with University data retention schedules?
A. Some regulations do require organizations to track and document actions taken during storage media disposal. If you have questions regarding retention requirements, we recommend you contact the Records and Information Management group.
Q. What if I have additional questions about the IT15 Security Standards or cybersecurity in general?
A. Additional questions regarding data destruction and cybersecurity can be directed to securitysupport@illinois.edu.