On the Destruction of Data

 

On the Destruction of Data
As of: 9-15-2016
Robert Broughman
Projects dealing with confidential data - Personally Identifiable Information, Personal Health Information, credit card; normally contain a clause requiring the destruction of data within a specified period of time after the end of the project. That data destruction must be acceptable means and sometimes includes the clause something like "for readily accessible storage". Some contracts require proof of data destruction, which we provide via the attached form: Certificate of Destruction. Your contract may require that you have this notarized, which means you need a witness willing to collaborate on destruction. You can note different methods for different data.

 

Type of Data Method of Destruction - Researcher Method of Destruction - IT Proof of Data Destruction
Individual Electronic Files - include, but not limited to, files on internal or external computer or printer hard drives (IDE, SCSI, SATA USB, or other type of connector), Thumb, Zip or Jaz drives, floppy disks, magnetic tapes, VHS tapes, cassette tapes, etc. Shredding - use PGP File Shredder to overwrite the files, set to 3 passes as to exceed the DoD 5520.22 M standard. Confidential data on the "Y:\ drive" are backed up to encrypted disks; those copies cannot be deleted at the file level. The incremental and full backups are overwritten after 90 days. Backups to disk are not "readily accessible storage". Fill out Certificate of destruction (attached below).
Magnetic Media – include, but not limited to, internal or external computer or printer hard drives (IDE, SCSI, SATA USB, or other type of connector), Zip or Jaz drives, floppy disks, magnetic tapes, VHS tapes, cassette tapes, etc. Contact the Help Desk if this is required. Degaussing - Hard drives, tapes and other electronic media are placed in a device that subjects them to repeated, strong electromagnetic pulses

Pulverizing - Hard drives and other electronic devices, for use when degaussing is not an option, the device will be reformatted if possible, then have holes drilled through it with a drill.



 
Small Amount of Documents and Records include, but not limited to, CD/DVDs, papers, letters, maps, books, photographs, etc. Shredding – shredding of Paper files and CDs can be performed at the large cross cut shredder in Contracts, RM 4218.


 



 
Bulk Documents and Records include, but not limited to, CD/DVDs, papers, letters, maps, books, photographs, etc. If you have a large quantity of paper to shred an external contractor with a mobile shredder on a truck can be called.


 
Contact FOS and get a copy of their certificate/receipt of destruction to attach to UI’s Certificate of Destruction.

You can download the certificate of data destruction as a pdf file below.

If you have any questions or need a witness, contact the Security Officer – Robert Broughman, x5558

There are several notary public in the building to notarize the Certificate of Destruction – consult http://uint.urban.org/HR/siteindex.cfm#N

Back to top

 

Attachments

Certificate_of_Destruction.pdf Certificate_of_Destruction.pdf