Data and Media Disposition

Overview: 

When files are improperly or inadequately purged from storage media, it is often still possible to reconstruct or retrieve data. In order to mitigate the potentially significant risk of unauthorized disclosure of PSU information, storage media must be appropriately sanitized to prevent unauthorized access to, or disclosure of, sensitive institutional information. 

Getting Started: 

To get started with Data and Media Disposition at Penn State, contact the Office of Information Security directly by e-mail.

To read more on Penn State guidelines on information disposal, see The Electronic Data Disposal and Media Sanitization Standard and Policy AD95: Information Assurance and IT Security. 

More Information: 

Information and data must be permanently erased or purged from devices. This includes, but is not limited to, computer, server, laptop, multi­function printer, medical equipment, cell phone, wearables, digital communications equipment or storage media (e.g., CD, thumb drive, tapes, hard drives, external storage devices) prior to transfer within the University or other disposition.

Effective media sanitization requires the application of identified techniques to prevent recovery or reconstruction of residual stored information on the media appropriate to the classification level of the information and type of media. Some methods of data destruction are more complicated, time-consuming, or resource intensive than others.  Selection of the appropriately approved sanitization technique must be based on the information classification level: the higher the classification, the more stringent the data destruction methodology.

The primary responsibility for electronic data disposal and media sanitization rests with the units or individuals that purchased them. ​Units and individuals are required to document a record of storage media data removal and retain it for a period of three years media that stored moderate, high, or restricted data. 

 

This service is part of the Research Data category.

Summary

Availability: 

  • This is an active service

Eligibility: 

  • This Standard is applicable to all members of the Penn State community, and applies to all locations and operations of the University, including any third-­party provider with a contractual relationship with the University that maintains the same information types

Requirements: 

Information Security: 

  • Failure to properly purge information in a manner that renders the information unrecoverable may pose a significant risk to the University since information often can easily be recovered with readily available tools. 
  •  Requests for exceptions to this standard or the governing Policies should be made following the Requests for Exceptions to Information Security Policy

Support: