• Home
  • Electronic Data Disposal Policy

Electronic Data Disposal Policy

Policy
Purpose: 

Data confidentiality is an issue of legal and ethical concern. The purpose of this policy is to provide for proper cleaning or destruction of sensitive/confidential data and licensed software on all computer systems, electronic devices and electronic media being disposed, recycled or transferred either as surplus property or to another user.

Applies to: 

University employees (e.g., faculty, staff, student employees) and other covered individuals (e.g., affiliates, vendors, independent contractors, etc.) in their handling of University data, information and records in electronic form during the course of conducting University business (administrative, financial, teaching, research or service).

Campus: 
Lawrence
Policy Statement: 

The University of Kansas requires that before any computer system, electronic device or electronic media is disposed, recycled or transferred either as surplus property or to another user, the system, media or device must be either:

  • properly sanitized of University sensitive/confidential data and software, or
  • properly destroyed.

Any official University records must be appropriately retained / disposed of based on the University’s records retention policy prior to erasure or destruction of the system, device or media.

Electronic media must be sanitized following the guidelines in NIST Special Publication 800-88, “Guidelines for Media Sanitization”. The specific procedures and requirements to be followed when cleaning or destroying computer systems, electronic devices and electronic media are found in the Electronic Data Disposal Procedure document.

Consequences: 

Faculty, staff and student employees who violate this University policy may be subject to disciplinary action for misconduct and/or performance based on the administrative process appropriate to their employment.

Students who violate this university policy may be subject to proceedings for non-academic misconduct based on their student status.

Faculty, staff, student employees and students may also be subject to the discontinuance of specified information technology services based on the policy violation.

Contact: 

Chief Information Officer
345 Strong Hall
1450 Jayhawk Blvd
Lawrence, KS 66045
785-864-4999
kucio@ku.edu

Approved by: 
Provost and Executive Vice Chancellor
Approved on: 
Thursday, August 14, 2008
Effective on: 
Thursday, August 14, 2008
Review Cycle: 
Annual (As Needed)
Definitions: 

These definitions apply to these terms as they are used in this document.

Sanitization (of computer hard drives) Removing data on a system through one or more various methods that may include overwriting or erasing data utilizing the methods described in NIST Special Publication 800-88.
Degaussing Process by which storage media is subjected to a powerful magnetic field to remove the data on the media.
Keywords: 
Secure data disposal, electronic shredding, erasing media, data removal, discarding computers, data wipe, media sanitization
Review, Approval & Change History: 

11/17/2014: Policy formatting cleanup (e.g., bolding, spacing).

08/17/2010: Updated to reflect NIST Guidelines for Media Sanitization.

Information Access & Technology Categories: 
Privacy & Security

Can't Find What You're Looking For?
Policy Library Search
KU Today
One of 34 U.S. public institutions in the prestigious Association of American Universities
44 nationally ranked graduate programs.
—U.S. News & World Report
Top 50 nationwide for size of library collection.
—ALA
23rd nationwide for service to veterans —"Best for Vets," Military Times