YALE-MSS-7.7: Purge data once it is no longer required

Standards Group:
YALE-MSS-7: Data Protection

YALE-MSS-7.7: Purge data once it is no longer required

Low Risk Endpoint Not Required Moderate Risk Endpoint Required High Risk Endpoint Required Low Risk Server Not Required Moderate Risk Server Required High Risk Server Required Low Risk Mobile Device Not Required Moderate Risk Mobile Device Required High Risk Mobile Device Required Low Risk Network Printer Not Required Moderate Risk Network Printer Required High Risk Network Printer Required

Details

Purge data once it is no longer required. Before deleting the data, you need to know if it is available from another location. If the data you have on your device is not available anywhere else, the University may require you to keep it.

Review the Yale Records Retention Schedule maintained by the Office of General Counsel. This outlines how long we must keep certain data records preserved.

When the use and retention period of confidential data is complete, that data must be:

  • destroyed,
  • rendered unrecoverable, or
  • returned to the owner

Simply deleting files on a device does not destroy data. For details on how to sanitize a device completely, see YALE-MSS-7.5.1. For help permanently removing data from a device, contact your local IT Support Provider.

The less data on the device, the less data at risk if the device was ever compromised, lost, or stolen. Purge data you no longer need to reduce the risk of unauthorized access to that data.