Policy 5307 - Data Sanitization Policy
Effective Date: 11/9/2011
Responsible Office: Property Officer
In compliance with the Office of Information Technology, (IT-POL-003) and Louisiana Property Assistance Agency, the university has adopted the following policy related to the removal of security sensitive data from computer storage devices.
“Security-sensitive” refers to data that is confidential or protected from disclosure by either federal or state laws.
“Computer storage devices” include personal computers, laptops, computer servers, copiers, fax machines, scanners, ipads, along with other electronic equipment that store data.
Each university department is responsible for removing security-sensitive data from its computer storage devices prior to completing a transfer. The following procedures will ensure that no sensitive data leaves the campus. Technical support is available from departmental computer technicians, Technical Services, and Computing Center personnel.
Computer storage devices declared as surplus equipment:
- The department erases sensitive data before releasing the device.
- Submit an Equipment Disposition Request using standard property procedures.
- A technician will execute a “disc wiper” program, removing all data on internal hard drive(s), at the surplus equipment warehouse.
Transferring a computer storage device to another department:
- Submit an Equipment Transfer Request using standard property procedures.
- Prior to physically moving the device, the property office will appoint a technician to visit onsite and execute the “disc wiper” program on the device.
- Non-functioning computers:
Hard drives will be removed and destroyed.
Note: Data cannot be retrieved once a device is sanitized.
- The type of “disk wiper” program will be determined by the Computing Center and may be updated or changed as necessary.
- All computers will be clearly marked with a label, (supplied by the property office) stating the computer has been “sanitized” or its “hard drive removed”.
- The Property Office will conduct random spot checks of surplused computer storage devices to insure the university maintains compliance with this policy.
- Computing Center personnel will continue to maintain responsibility for data sanitization as it applies to mainframe data storage.