Data Sanitization and Disposal Policy
Policy number | 12-05 |
Responsible office | Information Technology |
Enforcement official |
Enforcement official
Campus Information Security Committee
|
Classification | Board of Trustees-delegated Policy |
Category | Information Technology and Data Security |
Statement of policy
What must be done before equipment is cascaded, surplused or discarded.
Summary of contents/major changes
Purpose
Digital storage devices which contain licensed software programs and/or institutional data must be reliably erased and/or destroyed before the device is transferred out of University control, or erased before being transferred from one University department or individual to another. Western Michigan University is committed to compliance with federal statutes associated with the protection of confidential information as well as ensuring compliance with software licensing agreements.
Scope
All employees of Western Michigan University have a responsibility to ensure the confidentiality of University information residing on the computer systems and other digital storage devices as well as any non-reusable media they use, whether it be University or personally owned.
All computers and digital storage devices including, but not limited to desktop workstation, laptop, server, notebook, tablet, and handheld computer hard drives; external hard drives; and all external data storage devices such as disks, flash drives, DVD, and CD, are covered under the provisions of this policy.
Procedure statements
- All electronic storage media should be sanitized when it is no longer necessary for business use, provided that the sanitization does not conflict with University data retention policies.
- All electronic storage media should be sanitized prior to sale, donation or transfer of ownership. A transfer of ownership may include transitioning media to someone in your department with a different role, relinquishing media to another department, or replacing media as part of a lease agreement.
- All University employees are responsible for the sanitization of non-reusable electronic media before disposal. Similar to shredding paper reports, CDs and other non-rewritable media should be destroyed before disposal.
- Deans, directors and department heads are responsible for the sanitation of all WMU owned electronic devices and computer systems in their units prior to removal from a department or the campus. This responsibility may be delegated within the college as deemed appropriate.
- Any disposal of computer equipment and media storage devices must comply with all surplus disposal procedures as defined by the logistical services department.
NOTE: When removing sensitive information, do not forget storage devices such as thumb drives, back-up external hard drives and CDs. Also, be sure to erase any stored names and numbers from phones and fax machines.
Enforcement
Any person found to be in violation of this procedure will be subject to appropriate disciplinary actions as defined by current University policy and/or collective bargaining agreements.
Related Links
Effective date of current version | October 1, 2011 |
Proposed date of next review | October 1, 2019 |