Security, Data, Disk, and Device Disposal FAQ

Data, Disk, and Storage Device Disposal FAQ

HIGH RISK DATA NOTE: Devices that hold or that once held High Risk Data (PHI, credit card, SSN, DL#, banking, export control) must be physically destroyed before they are released.

For storage media disposal requirements, see University IT Security Standard IT15-Storage Media Security,  at https://go.illinois.edu/secstd-IT15


Q. What do you mean by "scrub" or "overwrite"?

A. Scrubbing or overwriting means writing over each bit on spinning-platter-type hard drives with random ones and zeroes. Drives containing high risk information however must be physically destroyed.


Q. Can I just RMA or throw away a digital storage device?

A. No. The device must be scrubbed, overwritten, or destroyed before it is released or discarded.


Q. What if the device to be RMA'd or discarded is broken?

A. All broken storage devices with University data are required to be degaussed or destroyed before they are released.


Q. How might I scrub or overwrite a digital storage device?

A. (For non-IT Professionals) Find an IT Professional proficient on the platform (Windows/Mac/Linux/etc) in question and request that they perform the overwrite.
A. (For IT Professionals) Below are a few ideas on how to meet the requirement, both for SSD and for HDD.

Spinning-platter HDD
DBAN, Liveboot CLI++ ++ use a Linux live-boot distro and "dd" to overwrite* the target HDD
SSD
"ATA Secure erase"
  See https://www.makeuseof.com/tag/securely-erase-ssd-without-destroying/
*Note 1: dd can be very effective (and destructive!) when used in this way. The precise syntax of the dd command may vary - see your local info or man pages to ensure correct syntax before executing


Q. What needs to be done before sending a machine to surplus?

A. See the OBFS page on how to Dispose of Unneeded Equipment .


Q. Can you show me where to get disk disposal labels?

A. Yes. You can make your own labels to place on the surplus/scrapped machine by downloading the following file and printing it onto Avery label paper.

Avery 5160 (30 labels/sheet, 1" x 2 5/8")

Avery 5163 (10 labels/sheet, 2" x 4")




Keywords:security, privacy, data, scrub, overwrite, wipe, dban, disposal, disk, storage, information, destroy, recycle, surplus, RMA, FAQ,   Doc ID:69861
Owner:Security S.Group:University of Illinois Technology Services
Created:2017-01-10 12:26 CDTUpdated:2018-07-03 10:07 CDT
Sites:University of Illinois Technology Services
Feedback:  1   0