Standards Group:
YALE-MSS-7: Data Protection
YALE-MSS-7.7: Purge data once it is no longer required
Details
Purge data once it is no longer required. Before deleting the data, you need to know if it is available from another location. If the data you have on your device is not available anywhere else, the University may require you to keep it.
Review the Yale Records Retention Schedule maintained by the Office of General Counsel. This schedule outlines how long we must preserve certain data records.
When the use and retention period of confidential data is complete, that data must be:
- destroyed,
- rendered unrecoverable, or
- returned to the owner.
For normal use of a system with full-disk encryption (see YALE-MSS-7.2.1), it is acceptable to purge files through the operating system's features (e.g., dragging a file to a trashcan and emptying the trash, or issuing an appropriate delete command from a command prompt). This is because all of the system's file storage is encrypted, including the "slack space" where remnants of deleted files reside. Even if the system is stolen, its stored data are in an encrypted format that will be useless to an unauthorized party. For similar reasons, any non-local storage (e.g., network accessible or cloud based) must also be encrypted.
However, if a system is to be repurposed, its data must be permanently removed prior to redeployment. For details on how to sanitize a device completely, see YALE-MSS-7.5.1. For help permanently removing data from a device, contact your local IT Support Provider.
The less data on the device, the less data is at risk if the device is ever compromised, lost, or stolen. Purge data you no longer need to reduce the risk of unauthorized access to that data.