YALE-MSS-7.6: Delete data when it is no longer required

Standards Group:
YALE-MSS-7: Data Protection

YALE-MSS-7.6: Delete data when it is no longer required

Low Risk Endpoint Not Required Moderate Risk Endpoint Required High Risk Endpoint Required Low Risk Server Not Required Moderate Risk Server Required High Risk Server Required Low Risk Mobile Device Not Required Moderate Risk Mobile Device Required High Risk Mobile Device Required Low Risk Network Printer Not Required Moderate Risk Network Printer Required High Risk Network Printer Required

Details

Removing unneeded data reduces risk.

When the use and retention period of data is complete, that data must be:

  • destroyed,
  • rendered unrecoverable, or
  • returned to the owner

If the data are not available anywhere else, the University may require you to keep them. Review the Yale Records Retention Schedule maintained by the Office of General Counsel. This outlines how long certain records must be preserved.

For normal use of a system with full-disk encryption, it is acceptable to delete files through the operating system's features (e.g., dragging a file to a trashcan and emptying the trash, or issuing an appropriate delete command from a command prompt).

For systems without full-disk encryption, delete data using operating system utilities and ensure procedures for repurposing and recycling are followed.