Privacy and Information Security, Disposing of equipment
Security information from Technology Services Privacy and Information Security team.
To protect University information, any University-owned equipment must be disposed of through defined procedures. See Dispose of Unneeded Equipment for details.
Electronic equipment and digital media that contains University data must be properly sanitized or scrubbed before disposal.
If digital media has been used to store High-Risk data, it must be destroyed before disposal, regardless of its potential usability.
For the full policy on storage media, see IT15-Storage Media Security Standard.
Drives should be overwritten.
If the drive in a computer or device cannot be overwritten due to physical failure, University Surplus will take it as is. If the drive is not overwritten, University Surplus must be notified prior to receiving the drive.
For devices such as copiers, if the drive can't be pulled and wiped, then it is sufficient if the vendor gives written assurance (email is sufficient) that the drive will be overwritten or destroyed.
If a drive purchased independently from a computer or device cannot be overwritten due to physical failure, it must be destroyed.
Per the CAM, digital media should be overwritten a minimum of once before being transferred between individuals or turned over to University Surplus.
Media that cannot be rewritten must be destroyed.
Media that has been used to store High-Risk data must be destroyed.
Digital Media Sanitization Chart
Possible Sanitization Method
Overwrite or Degauss
Overwrite or Degauss
Optical disks (CD/DVD/BD)
Hard drives (HDD/SSD)
Overwrite, FDE with key deletion, or Degauss (HDD only)
Memory (flash drives)
Devices with inaccessible storage media (tablets, cell phones, copiers, etc.)
Perform full hard reset as specified by device manufacturer
Many modern hard drives and magnetic tapes will be rendered unusable by being degaussed, and this has the same effect as destruction of the drive as regards reuse of the hardware. If the intention is to reuse the device/media after sanitization is completed, perform sanitization via overwriting.
For transfer to University Surplus a single-pass overwrite is acceptable, such as the DBAN's 'quick erase' mode.
If media is transferred between individuals within the same workgroup (ie, between researchers within the same research group), media does not need to be overwritten, provided that the recipient is authorized to access all data stored on the media in question.
If systems containing digital media are returned to the vendor or a service provider for replacement or repair, the vendor must provide written assurance (email communications are considered sufficient) that the drive will be handled securely, and that the drive will be overwritten or destroyed if it is not returned. If the drive stores sensitive data and is operative, the data must be overwritten before the system is sent to the vendor.
Several examples of drive overwriting are as follows:
If magnetic tapes are overwritten to render them prepared for transfer or disposal, they must be treated as equivalent to hard drives before they are transferred or disposed of.
In the case of overwriting flash drives before transfer, overwriting once is considered sufficient to render them sanitized for transfer.
Suitable methods of media/device destruction are as follows:
Pulverization - Reduce the device/media into small enough pieces to make recovery of data very difficult, if not impossible. This is typically done via a series of hydraulic or pneumatic impact devices.
Shredding - Cutting the device/media into either strips or small chunks (in the case of cross-cut shredders). Strip shredders are sufficient.
Full Disk Encryption (FDE) with key deletion
If full disk encryption is used on the device in question, destruction of the keys used to access the encrypted disk is considered to be sufficient device sanitization.
Devices with inaccessible storage media
Portable devices such as smartphones and tablets typically do not provide direct access to the device's storage, so it cannot be easily overwritten. To render these devices suitable for transfer/disposal, perform a full "hard" reset (i.e., a reset operation which erases all data and restores the devices to its factory defaults). If such a reset operation is not possible, all user data on the device must be manually deleted.
Records of data sanitization must be maintained, and copies of said records must accompany any digital media when it is transferred to Surplus. Data sanitization records must include the following information:
The method of sanitization used
The date and time that the sanitization was performed
The person responsible for performing the data sanitization
Whether High-Risk data had been stored on the media that was sanitized