The University has long recognized that confidentiality and privacy mandates the removal of student and staff data from computers that are to be reused. The Illinois Data Security on State Computers Act of 2003 required all magnetic media to be overwritten or "scrubbed" ten times before being sent to surplus. The goal was to ensure that sensitive information was unrecoverably erased before being surplused. Previous University of Illinois and UIC guidelines were formulated in response to this law.
The recent Illinois Executive Order 2006-12 [pdf] was issued in response to a general lack of compliance to the 2003 law. The Executive order charged the Illinois Department of Central Management Services (CMS) to implement policies to assure compliance. CMS has stated that it will not accept electronic items for surplus unless they are scrubbed by an outside vendor, which CMS has contracted with for the entire state. Thus the legal obligation for the University to thoroughly scrub electronic media prior to surplusing has been eliminated.
The existing policy is being modified to eliminate unnecessary and redundant media scrubbing while still protecting the University and the University Community from accidental or unintended data releases via the surplus process. This revision changes the existing policy in two dimensions
While one could argue that it is unnecessary to require even this single pass such a position is based on unrealistic assumptions:
The arguments for requiring a single pass erasure of magnetic media are quite compelling:
This section was from the Revised Administrative Policy on Disposal of Digital Media, which is official Administrative Policy of the University of Illinois.
Please note that it is illegal to destroy University equipment (disk drives, computers, etc...). University Surplus should always be contacted to remove equipment to be destroyed. CDs, DVDs and similar media may be shredded as an acceptable method for destruction at the end of their useful lifetime. Detailed information on surplus procedures can be found in the Office of Business and Financial Services disposal manual.
|Media/Device||Required Sanitization Method|
|Floppy disks||Degauss, overwrite, or destroy|
|Optical disks (CD/DVD)||Destroy|
|Hard drives||Overwrite or full drive encryption with key deletion|
|Memory - flash drives||Overwrite or destroy|
|Portable devices (ie, PDAs, cell phones)||Full hard reset as specified by device manufacturer|
Note: You should never simply toss a drive into the trash, even if it is broken. You should always contact surplus; they will arrange for its secure disposal.
When transferring magnetic media, the level of overwriting required depends on where you are transferring it to.
|Destination for Media||Required/Recommended||Best Practice|
|University Surplus||Single pass, such as the DBAN software's quick erase mode||Department of Defense Short or equivalent|
|Transfer between units||Single pass||DoD Short or equivalent|
|Transfer between individuals||Single pass||DoD Short or equivalent|
|Transfer between individuals within a workgroup||None: If media is transferred between individuals within the same workgroup (ie, between researchers within the same research group), media does not need to be overwritten, provided that the recipient is authorized to access all data stored on the media in question.|
|Transfer outside of University||DoD Short||DoD Short or equivalent|
|Return of non-functional drive to vendor||Written assurance from vendor: If systems containing digital media are returned to the vendor or a service provider for replacement or repair, the vendor must provide written assurance (email communications are considered sufficient) that the drive will be handled securely, and that the drive will be overwritten or destroyed if it is not returned. If the drive stores sensitive data and is operative, the data must be overwritten before the system is sent to the vendor.|
For transfer to University Surplus a single-pass overwrite is acceptable, such as the DBAN software's quick erase mode. All other transfers should use the DoD Short method 2 or its equivalent. The DoD Short method as implemented by DBAN uses three of the seven passes specified by the Department of Defense 5220.22-M. This will provide a good balance of speed and security in the overwriting process.
UIC has site licenses for special software is available to perform the data scrubbing. The software is Active Eraser for Windows (or any DOS/Bootable personal computer such as a Linux PC) The software is available through the University of Illinois WebStore, free of charge to all faculty and staff. For more information on this software, see Secure Data Erasers for Windows and Macs.
Media destruction is only permissible in the case of optical disks (such as CDs or DVDs), floppy disks, and magnetic tapes. Accepted methods are the following:
Incineration or Pulverization, which must be performed by the CMS approved/selected vendor.
Shredding, which can be done locally. Strip shredders are considered sufficient; digital media does not need to be shredded using a cross-cut shredder.
Each machine that is transferred must have a label attached to the machine that includes the following information:
Label templates (Microsoft Word format):