University Guidelines on the Sale, Donation, or Transfer of Computer Hard Drives and Other Magnetic Media

Revision Date: April 26, 2011
Version: 1.00

The University has long recognized that confidentiality and privacy mandates the removal of student and staff data from computers that are to be reused. The Illinois Data Security on State Computers Act of 2003 required all magnetic media to be overwritten or "scrubbed" ten times before being sent to surplus. The goal was to ensure that sensitive information was unrecoverably erased before being surplused. Previous University of Illinois and UIC guidelines were formulated in response to this law.

The recent Illinois Executive Order 2006-12 [pdf]  was issued in response to a general lack of compliance to the 2003 law. The Executive order charged the Illinois Department of Central Management Services (CMS) to implement policies to assure compliance. CMS has stated that it will not accept electronic items for surplus unless they are scrubbed by an outside vendor, which CMS has contracted with for the entire state. Thus the legal obligation for the University to thoroughly scrub electronic media prior to surplusing has been eliminated.

University of Illinois Guidelines, Revised July 2008

The existing policy is being modified to eliminate unnecessary and redundant media scrubbing while still protecting the University and the University Community from accidental or unintended data releases via the surplus process. This revision changes the existing policy in two dimensions

  • the number of overwrites required is reduced from 10 to 1 before magnetic media will be accepted by University Surplus
  • the required mechanism used for overwriting has been made more flexible

While one could argue that it is unnecessary to require even this single pass such a position is based on unrealistic assumptions:

  • No magnetic media will ever be overlooked or mismanaged
  • No employee at the company will ever steal equipment prior to scrubbing
  • No magnetic media will ever be lost on the way to the company handling the scrubbing

The arguments for requiring a single pass erasure of magnetic media are quite compelling:

  • Legal indemnification for a data disclosure will not protect the University from reputational damage.
  • Legal indemnification for a data disclosure will not protect individuals should personal data be accidentally disclosed.
  • It is quite likely that some instance of lost or stolen equipment will occur as media from 3 campuses are collected and sent to the vendor.

This section was from the Revised Administrative Policy on Disposal of Digital Media, which is official Administrative Policy of the University of Illinois.

Digital Media Sanitization

Please note that it is illegal to destroy University equipment (disk drives, computers, etc...). University Surplus should always be contacted to remove equipment to be destroyed. CDs, DVDs and similar media may be shredded as an acceptable method for destruction at the end of their useful lifetime. Detailed information on surplus procedures can be found in the Office of Business and Financial Services disposal manual.

Media/Device Required Sanitization Method
Magnetic tapes Overwrite
Floppy disks Degauss, overwrite, or destroy
Optical disks (CD/DVD) Destroy
Hard drives Overwrite or full drive encryption with key deletion
Memory - flash drives Overwrite or destroy
Portable devices (ie, PDAs, cell phones) Full hard reset as specified by device manufacturer

Note: You should never simply toss a drive into the trash, even if it is broken. You should always contact surplus; they will arrange for its secure disposal.

Overwriting Data

When transferring magnetic media, the level of overwriting required depends on where you are transferring it to.

Destination for Media Required/Recommended Best Practice
University Surplus Single pass, such as the DBAN software's quick erase mode Department of Defense Short or equivalent
Transfer between units Single pass DoD Short or equivalent
Transfer between individuals Single pass DoD Short or equivalent
Transfer between individuals within a workgroup None: If media is transferred between individuals within the same workgroup (ie, between researchers within the same research group), media does not need to be overwritten, provided that the recipient is authorized to access all data stored on the media in question.  
Transfer outside of University DoD Short DoD Short or equivalent
Return of non-functional drive to vendor Written assurance from vendor: If systems containing digital media are returned to the vendor or a service provider for replacement or repair, the vendor must provide written assurance (email communications are considered sufficient) that the drive will be handled securely, and that the drive will be overwritten or destroyed if it is not returned. If the drive stores sensitive data and is operative, the data must be overwritten before the system is sent to the vendor.  

For transfer to University Surplus a single-pass overwrite is acceptable, such as the DBAN software's quick erase mode. All other transfers should use the DoD Short method 2 or its equivalent. The DoD Short method as implemented by DBAN uses three of the seven passes specified by the Department of Defense 5220.22-M. This will provide a good balance of speed and security in the overwriting process.

Software for Overwriting Data

UIC has site licenses for special software is available to perform the data scrubbing. The software is Active Eraser for Windows (or any DOS/Bootable personal computer such as a Linux PC) The software is available through the University of Illinois WebStore, free of charge to all faculty and staff. For more information on this software, see Secure Data Erasers for Windows and Macs.

Destroying Media

Media destruction is only permissible in the case of optical disks (such as CDs or DVDs), floppy disks, and magnetic tapes. Accepted methods are the following:

Incineration or Pulverization, which must be performed by the CMS approved/selected vendor.
Shredding, which can be done locally. Strip shredders are considered sufficient; digital media does not need to be shredded using a cross-cut shredder.

Tagging Sanitized Machines

Each machine that is transferred must have a label attached to the machine that includes the following information:

  • unit/department,
  • what method of sanitization was used; the three are only acceptable
  • data overwritten
  • device inoperable
  • degaussed with a federally approved device, Degausser Evaluated Products List (200 KB PDF, Fort Meade, Maryland)
  • who performed the data sanitization
  • date and time that the sanitization was performed

Label templates (Microsoft Word format):

Further Information