Electronic Data Disposal Policy
Data confidentiality is an issue of legal and ethical concern. The purpose of this policy is to provide for proper cleaning or destruction of sensitive/confidential data and licensed software on all computer systems, electronic devices and electronic media being disposed, recycled or transferred either as surplus property or to another user.
University employees (e.g., faculty, staff, student employees) and other covered individuals (e.g., affiliates, vendors, independent contractors, etc.) in their handling of University data, information and records in electronic form during the course of conducting University business (administrative, financial, teaching, research or service).
The University of Kansas requires that before any computer system, electronic device or electronic media is disposed, recycled or transferred either as surplus property or to another user, the system, media or device must be either:
- properly sanitized of University sensitive/confidential data and software, or
- properly destroyed.
Any official University records must be appropriately retained / disposed of based on the University’s records retention policy prior to erasure or destruction of the system, device or media.
Electronic media must be sanitized following the guidelines in NIST Special Publication 800-88, “Guidelines for Media Sanitization”. The specific procedures and requirements to be followed when cleaning or destroying computer systems, electronic devices and electronic media are found in the Electronic Data Disposal Procedure document.
Faculty, staff and student employees who violate this University policy may be subject to disciplinary action for misconduct and/or performance based on the administrative process appropriate to their employment.
Students who violate this university policy may be subject to proceedings for non-academic misconduct based on their student status.
Faculty, staff, student employees and students may also be subject to the discontinuance of specified information technology services based on the policy violation.
Office of the Chief Information Officer
1001 Sunnyside Avenue
Lawrence, KS 66045
These definitions apply to these terms as they are used in this document.
|Sanitization (of computer hard drives)||Removing data on a system through one or more various methods that may include overwriting or erasing data utilizing the methods described in NIST Special Publication 800-88.|
|Degaussing||Process by which storage media is subjected to a powerful magnetic field to remove the data on the media.|
01/26/2022: Updated contact section.
11/17/2014: Policy formatting cleanup (e.g., bolding, spacing).
08/17/2010: Updated to reflect NIST Guidelines for Media Sanitization.