Security Compliance, Electronic Data, Disk, SSD, or Other Storage Device Disposal
Data, Disk, SSD, Media, and Storage Device Disposal FAQ
Q: What's the university policy regarding disposal or surplus of electronic storage media and/or storage devices?
Q: What actions must I take before releasing or disposing of storage devices or storage media?
Storage device or media |
Action (at least one must be performed) |
|
---|---|---|
High-risk data (Health information/PHI, payment card, SSN, DL#, banking, export control, compartmentalized, etc.) |
HDD (magnetic, spinning-platter type), Magnetic Tape, Other* |
· Crush/Shred |
High-risk data |
M.2, SSD, or flash |
· Crush/shred |
Sensitive data (FERPA, etc.) |
M.2, SSD, or flash |
· Overwrite/scrub (must be verified) · Crush/shred |
Sensitive data |
HDD (magnetic, spinning platter- type), Magnetic Tape, Other* |
· Overwrite/scrub (must be verified) · Degauss · Crush/shred |
Sensitive data |
Encrypted storage** |
· Verify device is completely encrypted, then delete all encryption keys such that they are completely irrecoverable and officially document.*** |
Internal data & Public data |
M.2, SSD, or flash |
· Overwrite/scrub · Crush/shred |
Internal data & Public data |
HDD (magnetic, spinning platter- type), Magnetic Tape, Other* |
· Overwrite/scrub · Degauss · Crush/shred |
Internal data & Public data |
Encrypted storage** |
· Verify device is completely encrypted, then delete all encryption keys such that they are completely irrecoverable and officially document.*** |
* "Other” includes optical media (e.g., CDs or DVDs), magnetic media (e.g., tapes or diskettes), disk drives (e.g., external, portable, or disk drives removed from information systems)
** Any university-managed device with strong, full-disk encryption for its entire service life including both flash and magnetic storage types
*** File-level encryption does not meet this requirement, nor does a device that was unencrypted for any length of time. Actions must be complete, and auditable
Q. What do you mean by "scrub" or "overwrite"?
A. On spinning-platter and magnetic type hard drives, scrubbing or overwriting means writing over each bit with random ones and zeroes.
For flash memory and SSDs a different approach must be taken because it operates differently than magnetic media. Most SSDs have special data purge commands built into their hardware. These should overwrite the data in multiple passes using a pattern in the first pass and a complement in the second pass.
Q. How might I scrub or overwrite a digital storage device?
Spinning-platter HDD |
Secure Erase, Liveboot CLI++ | ++ use a Linux live-boot distro and "dd" to overwrite* the target HDD |
---|---|---|
SSD | "ATA Secure erase" | See e.g. https://www.makeuseof.com/tag/securely-erase-ssd-without-destroying/ |
Q. Can I trust that the data is irrecoverable after scrubbing?
A. To an extent, but the only completely risk-free way of purging data is physical destruction. If you are concerned enough to ask the question, physical destruction is probably the answer.
Q. Can I just RMA or throw away a digital storage device?
A. No. The device must be scrubbed, overwritten, or destroyed before it is released or discarded, per the data classification requirements.
Q. What if the device to be RMA'd or discarded is broken?
A. All broken storage devices with University data are required to be degaussed or destroyed before they are released.
Q. What needs to be done before sending a machine to surplus?
A. Before sending a drive to Surplus:
- For a functioning drive, erase it to campus policy standards (see above), and send it to Surplus.
- For a non-functioning drive, write "DEGAUSS" on it. When you have collected enough drives, send them to Surplus to be degaussed.
See the OBFS page on how to Dispose of Unneeded Equipment.
Q. What services can I use to procure hard drive destruction and what must I do?
A. For HDDs with Sensitive data and below, degaussing is acceptable for data destruction. The Surplus Warehouse has an industrial degausser. See above.
For HDDs with High-Risk data and below, the following vendors offer data destruction services and chain of custody and certificate of destruction documentation.
Vendor
|
Contact Information |
---|---|
Vendor and contract information can be found on the OBFS website located here. | |
Vendor and contract information can be found on the OBFS website located here. | |
Procurri services need to be purchased through CDW. Contact information and information regarding CDW quotes can be found here. |
The table above includes links to contact information for each vendor as well as available contract information. For additional assistance regarding securing vendor services, we recommend contacting your Purchasing Office.
Q. When should I use an on-site service over a shipping option?
A. For devices containing High Risk data or for devices that can't be scrubbed/overwritten, use of an on-site destruction service is recommended. An off-site (shipping) option may provide additional assurance that data is irrecoverable and could be appropriate for scrubbed/overwritten devices containing Public, Internal, or Sensitive data.
Q. Are there any steps I should take to ensure compliance with University data retention schedules?
A. Some regulations do require organizations to track and document actions taken during storage media disposal. If you have questions regarding retention requirements, we recommend you contact the Records and Information Management group.
Q. What if I have additional questions about the IT 15 Security Standards or cybersecurity in general?
A. Additional questions regarding data destruction and cybersecurity can be directed to securitysupport@illinois.edu.