Table of Contents
Reason for This Policy
Statement of Policy
Who
Should Know This Policy
Related Documents
Contacts
Definitions
Compliance
Procedures
Responsibilities
Reason for this Policy
Purdue University is dedicated to ensuring the privacy and
security of user data. This includes the proper disposal
of electronic media containing personal and other data. Due
to the diverse nature of the data stored on hard drives,
removable media, and other Storage Devices, it is necessary
to ensure proper media disposal to prevent unauthorized use
after removal from service. This policy is guided by the
following objectives:
- Increased safety of restricted and sensitive
data.
- Broad awareness of the dangers of improper
data disposal;
- Increased emphasis on secure disposal of
data storage systems
- A consistent policy of Storage Device cleaning
and security; and
- Increased confidence by students and employees
that personal and other data is handled in a confidential
manner.
- Consistency with existing policies and procedures.
Statement of Policy
It is crucial that University data and software licensed
to the University be removed from Storage Devices when they
are moved or retired from University service. Student and
employee information stored on these systems is classified
under the Administrative Computing Policies for Electronically
Stored (Computer based) systems. Ensuring adequate destruction
of data is the responsibility of the unit that owns the equipment,
and must not be delegated to an outside group without suitable
contractual obligations.
Information Destruction and Information Systems
Equipment Disposal
Departmental Managers are responsible for the prompt and
proper disposal of surplus property no longer needed for
business activities. Disposal of information systems equipment
must proceed in accordance with procedures established by
ITaP Security and Privacy, including the irreversible removal
of information and software.
Who Should Know This Policy
- President
- Provost
- Executive Vice President and Treasurer
- Chancellors
- Vice Presidents
- Deans
- Directors/Department Heads
- Department Managers
|
- Principal Investigators
- Faculty
- Business Office Staff
- Administrative and Professional Staff
- Clerical and Service Staff
- All Employees
- Undergraduate Students
- Graduate Students
|
Related Documents
The following web link is Peter Gutmann's paper entitled "Secure
Deletion of Data from Magnetic and Solid-State Memory", a
description of the risks and vulnerabilities of magnetic
storage media.
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
The federal government provides the U.S. Department of Defense
5220.22M Cleaning and Sanitizing standard.
http://www.dss.mil/isec/nispom.htm
The following web link provides information on the security
requirements for handling information developed by the appointed
administrative data owners.
http://www.itap.purdue.edu/security/policies/procedures/dataHandling.cfm
Contacts
Definitions
| Word |
Definition |
Departmental Manager |
An individual designated
by a Dean, Director, or Department Head responsible
for the prompt and proper disposal of surplus property
no longer needed for business activities |
| IT Resource |
All tangible and intangible
computing and network assets
provided by or for the University to further its mission
of discovery, learning, and engagement. Examples of
such assets include, but are not limited to, hardware,
software, Purdue Airlink, network bandwidth, mobile
devices, electronic information resources, printers,
and paper. |
| Public |
Information which may
or must be open to the general public. It is defined
as information with no existing local, national or international
legal restrictions on access. |
| Restricted |
Information protected
because of protective statutes, policies or regulations.
This level also represents information that isn't by default
protected by legal statue, but for which the Information Owner
has exercised their right to restrict access. |
| Secure Fashion |
In the context of the
destruction of paper and electronic documents, this refers
to a method that defeats both casual and deliberate
attempts at theft -- e.g., the shredding of documents and the
use of 'confidential' recycling bins. For electronic documents, this
refers to explicit deletion or storage on a device protected by a password-based
security system using encryption. |
| Sensitive |
Information whose access
must be guarded due to proprietary, ethical, or privacy
considerations. This classification applies even though
there may not be a civil statute requiring this protection. |
| Storage Device |
Any physical device
used to store electronic information including, but
not limited to, diskettes, rigid disk drives, and solid
state mass storage devices. |
| |
|
Compliance
On each campus, the assigned Departmental Manager or other
designated individual will be responsible for monitoring
compliance with this policy.
Employees are responsible for notifying their Departmental
Manager when data they are responsible for is on a system
slated for disposal or retirement and which should be deleted
as per the guidelines above.
For those business needs unable to comply with these
policy requirements, the formal deviation form must be approved
by both the Security and Privacy organization at Purdue and
the assigned Department Manager.
Procedures
-
Existing Departmental Managers are responsible
for overseeing data and disk disposal in his or her area.
-
• Media disposal and wipes should follow
the matrix below. Note that media containing sensitive
data must be destroyed rather than securely deleted.
Media |
Clear/Wipe |
Sanitize |
Tape |
a |
a
or d |
Bernoullis |
a,
b |
d |
Floppies |
a,
b |
d |
Non-Removable
Rigid Disk (hard drive) |
b |
a,
c , or e |
Removable
Rigid Disk (Zip, Jazz, other) |
a,
b |
a,
c , or d |
Optical
Disk (CD-R, CD-RW, other) |
Read
Many, Write Many (CD-RW) |
b |
d |
Read
Only (CD-ROM) |
d |
d |
Write
Once, Read Many (Worm) (CD-R) |
d |
d |
- Degauss (do not degauss hard drives)
- Overwrite all addressable locations with a single
character. (single pass overwrite)
- Overwrite all addressable locations with a character,
its complement, then a random character
and verify. (multiple pass / DoD secure overwrite)
- Destroy - Disintegrate, incinerate, pulverize, shred,
or melt.
- Destruction required only if restricted information
is contained.
- A University approved secure deletion program
will be made freely available to University users, staff,
students, and faculty. Removable media disposal guidelines
will also be published and made easily available.
- The deletion program will be as broadly compatible
as possible;
- Systems not supported by the deletion
program will be provided another option for drive
cleaning if possible;
- Shredders or other systems capable
of properly destroying removable media will be made
available;
- A method for physical destruction of drives from
sensitive systems will be made available.
Responsibilities
| Person |
Responsibility |
Departmental Manager
|
Implementation of this policy statement |
Security and Privacy
|
Approval of policy deviations |
| All Purdue Stakeholders |
Compliance with this policy statement |
|
