Reaching Others University at Buffalo - The State University of New York
Skip to Content

Data Destruction

An important and often overlooked part of the information life cycle involves proper destruction. When information is no longer needed, or has reached the end of its retention period, you must properly dispose of it. For many types of information, simply deleting it is sufficient. However, you must securely dispose of regulated private data.

Secure Deletion

When deleting regulated private data from your computer, it’s important that you use a secure deletion utility. These utilities complete delete the information from your computer (simply hitting “empty trash” is not enough) If you have any questions about how to obtain and use an appropriate secure deletion utility for your computer, contact your IT support or the Information Security Office.

Secure Disposal/Surplus of Equipment, Media and Paper

When disposing of CDs, DVDs, paper and other media that contains regulated private data, you must shred it before recycling it. For small amounts of media, a standard cross cut office shredder is recommended. For large amounts of media, we recommend contacting Shred-It.

When disposing of old equipment that was used to work with regulated private data, you must either completely wipe the equipment’s drives using DBAN (if the equipment is being classified as surplus) or you must ask the recycler to destroy the drives (if the equipment is being classified as scrap). Your IT support should be consulted when disposing of old equipment.

Surplus

Either securely erase the drive or, if not possible, ask your local IT support to remove the drive. You can then surplus the equipment and scrap the drive.

Scrap

If you do not need certification of drive destruction, University Facilities can have the drive destroyed as part of the normal recycling (scrap) process. Be sure to specifically ask for drive destruction. If you need certification of destruction, the UB IT community recommends using Shred-It.

Print Device Hard Drive Information

Many multi-function office printers now come with hard drives that can store documents. This makes the printer more convenient to use, but can also expose the university to considerable risk if the drive is not securely disposed of– your scanned, printed and faxed documents may still be recoverable. If possible, your printer should be configured to securely delete documents from its internal hard drive; consult your local IT support on how to turn this on. When disposing of your multi-function printer, if you’re unable to determine if all documents were securely deleted from it, you must ask the vendor performing the disposal to certify in writing (a receipt) that the drive has been destroyed.

Enabling Secure Deletion of Printer Hard Drives

Each of the following links contains documentation on how to wipe the hard drive of a printing device by manufacturer. Some manufacturers provide a feature whereby the printer will continuously or periodically wipe its hard drive; you should enable this feature when available.

Also, the EDUCAUSE & Internet2 Higher Education Information Security Council (HEISC) has gathered resources on this topic and developed a list of steps to take when trying to secure a copier, printer, or other multi-function device.

Did This Page Answer Your Question?

(Required)
 
Email, UBITName or phone number
(Required)
Enter both words below, separated by a space. If either word appears unclear, click 'Get a new challenge' to receive two new words.