This document supplements the requirements of BU Data Protection Guideline 1.2.D - Data Protection Requirements.  It provides information related to the proper disposal of sensitive information in such a way as to prevent its continued use.

Overview

When data is no longer required it must be disposed of in a way that prevents its continued use.   Electronic data can be difficult to dispose of effectively.  Reusable storage devices are intended to have a long service life and may be erased and rewritten continuously during their life.  Hard disk drives, USB storage devices, solid-state memory cards, portable disk drives, floppy diskettes, and data storage tapes are all examples of media intended for reuse.

There are legal, regulatory, contractual, and policy requirements that may extend the duration for which information must be retained beyond its useful life.  Before disposing of data please review the University Record Retention Policy (FA-002).  DO NOT destroy paper or electronic records that the University Record Retention Policy (FA-002) requires be maintained.  In addition, DO NOT destroy records if you have received a “litigation hold” notice from the Office of the General Counsel concerning actual or threatened litigation or if you have reason to believe that documents relate to a dispute that may result in litigation.  If you have any questions, please contact BU Information Security or the Office of the General Counsel before you destroy either paper or electronic records.

Destroying Individual Files on Reusable Media

Public information may be disposed of using the standard delete function provided by your operating system.  However, for most operating systems the delete function merely makes the data unavailable via the standard user interface but does not actually remove it from the storage device.  Data deleted in this fashion can be recovered with commonly available tools.  For this reason, extra steps must be taken to ensure that Internal, Confidential, or Restricted Use data is properly destroyed.

There are a wide variety of tools to accomplish this, some of which come with the operating system and some require additional installation.  We recommend: