Standards Group:
YALE-MSS-7: Data Protection
YALE-MSS-7.5: Securely remove data from systems before re-use
Details
Complete removal of confidential information from electronic media/devices is required before the media is made available for reuse.
Before wiping and repurposing the device, make sure you are permitted to delete the data on it. If the data on your device is not available anywhere else, the University may require you to keep it. Review the Yale Records Retention Schedule maintained by the Office of General Counsel, which outlines how long we must preserve certain data records.
When the use or retention period of any media containing confidential information is completed, the confidential information must be destroyed, rendered unrecoverable, or returned to the owner.
Before repurposing or recycling any IT System, you must delete the data. Merely “erasing” or “deleting” files does not remove them from the storage on an IT System. A user can still extract the data in many ways, which puts the data at risk of unauthorized access.
See Secure Reuse and Recycling for Yale IT Systems for details on how to fully sanitize devices by device type.
End users (for endpoints) should reach out to their Local IT Support Provider to ensure the device is properly sanitized before being re-used or recycled.