Security, Data, Disk, and Device Disposal FAQ
Data, Disk, and Storage Device Disposal FAQ
HIGH RISK DATA NOTE: Devices that hold or that once held High Risk Data (PHI, credit card, SSN, DL#, banking, export control) must be physically destroyed before they are released.For storage media disposal requirements, see University IT Security Standard IT15-Storage Media Security, at https://go.illinois.edu/secstd-IT15
Q. What do you mean by "scrub" or "overwrite"?
A. Scrubbing or overwriting means writing over each bit on spinning-platter-type hard drives with random ones and zeroes. Drives containing high risk information however must be physically destroyed.
Q. Can I just RMA or throw away a digital
A. No. The device must be scrubbed, overwritten, or destroyed before it is
released or discarded.
Q. What if the device to be RMA'd or discarded
A. All broken storage devices with University
data are required to be degaussed or destroyed
before they are released.
Q. How might I scrub or overwrite a digital storage device?
||DBAN, Liveboot CLI++||
++ use a Linux live-boot distro and "dd" to overwrite* the target HDD
||"ATA Secure erase"
Q. What needs to be done before sending a machine to surplus?
A. See the OBFS page on how to Dispose of Unneeded Equipment .
Q. Can you show me where to get disk disposal labels?
A. Yes. You can make your own labels to place on the surplus/scrapped machine by downloading the following file and printing it onto Avery label paper.