Research Instruction & Information Technology Group

Electronic Media Disposal Policy: SCB–EMD–01

The purpose of this policy is to establish requirements for the proper disposal of electronic media containing sensitive data.

1.0 Purpose

The purpose of this policy is to establish requirements for the proper disposal of electronic media containing sensitive data. The disposal procedures used will depend upon the type and intended disposition of the media. A wide variety of information resources contain electronic media including, but not limited to: computer systems, personal desktop assistants, smart phones, removable storage devices such as USB storage devices, diskettes, magnetic tape, copy machines and fax machines.

2.0 Scope

This policy applies to all Smeal College of Business employees, contractors, consultants, temporary personnel, and other workers responsible for and/or utilizing electronic media storing Penn State data.

Note: Contracts subject to Penn State Office of Sponsored Programs technology control plans must also adhere to the media/data disposal requirements of the technology control plan and contract requirements.

3.1  Policy

All electronic media must be properly sanitized before it is transferred from the custody of its current owner. The proper sanitization method depends on the type of media and the intended disposition of the media. There are two acceptable methods for sanitization of electronic media.

  1. Overwriting media: Overwriting of data means replacing previously stored data on a drive or disk with a random pattern of meaningless This effectively renders the data unrecoverable, but the process must be correctly understood and carefully implemented. Simply reformatting the media in not sufficient. The media must be overwritten. Additionally, overwriting must be a multi-­‐pass procedure no fewer than three passes
  2. Destruction of media: Destruction is the process of physically damaging a medium so that it is not usable by any device that may normally be used to read electronic information on the medium such as a computer, personal hand held device, audio/video player,

Please contact the RIIT Group for the latest College approved tools and procedures for sanitizing electronic media and/or assistance with the process. By default, any computers sent to salvage have their hard disks wiped by one of the two acceptable methods listed above.

4.0 Enforcement

Any employee found to have violated this policy may be subject to disciplinary action by their Administrative unit, the College, or the University.

5.0 Revision History

06/04/2007 -­‐ Initial modification from COE policies, used with permission in conjunction with the Penn State IPAS project.

Printable PDF available