An important and often overlooked part of the information life cycle involves proper destruction. When information is no longer needed, or has reached the end of its retention period, you must properly dispose of it. For many types of information, simply deleting it is sufficient. However, you must securely dispose of regulated private data.
When deleting regulated private data from your computer, it’s important that you use a secure deletion utility. These utilities complete delete the information from your computer (simply hitting “empty trash” is not enough) If you have any questions about how to obtain and use an appropriate secure deletion utility for your computer, contact your IT support or the Information Security Office.
When disposing of CDs, DVDs, paper and other media that contains regulated private data, you must shred it before recycling it. For small amounts of media, a standard cross cut office shredder is recommended. For large amounts of media, we recommend contacting Shred-It.
When disposing of old equipment that was used to work with regulated private data, you must either completely wipe the equipment’s drives using DBAN (if the equipment is being classified as surplus) or you must ask the recycler to destroy the drives (if the equipment is being classified as scrap). Your IT support should be consulted when disposing of old equipment.
Either securely erase the drive or, if not possible, ask your local IT support to remove the drive. You can then surplus the equipment and scrap the drive.
If you do not need certification of drive destruction, University Facilities can have the drive destroyed as part of the normal recycling (scrap) process. Be sure to specifically ask for drive destruction. If you need certification of destruction, the UB IT community recommends using Shred-It.
Many multi-function office printers now come with hard drives
that can store documents. This makes the printer more convenient to
use, but can also expose the university to considerable risk if the
drive is not securely disposed of– your scanned, printed and
faxed documents may still be recoverable. If possible, your printer
should be configured to securely delete documents from its internal
hard drive; consult your local IT support on how to turn this on.
When disposing of your multi-function printer, if you’re
unable to determine if all documents were securely deleted from it,
you must ask the vendor performing the disposal to certify in
writing (a receipt) that the drive has been destroyed.
Each of the following links contains documentation on how to wipe the hard drive of a printing device by manufacturer. Some manufacturers provide a feature whereby the printer will continuously or periodically wipe its hard drive; you should enable this feature when available.
Also, the EDUCAUSE & Internet2 Higher Education Information Security Council (HEISC) has gathered resources on this topic and developed a list of steps to take when trying to secure a copier, printer, or other multi-function device.