Standards Group:
YALE-MSS-7: Data Protection
YALE-MSS-7.7: Purge data once it is no longer required
Details
Purge data once it is no longer required. Before deleting the data, you need to know if it is available from another location. If the data you have on your device is not available anywhere else, the University may require you to keep it.
Review the Yale Records Retention Schedule maintained by the Office of General Counsel. This outlines how long we must keep certain data records preserved.
When the use and retention period of confidential data is complete, that data must be:
- destroyed,
- rendered unrecoverable, or
- returned to the owner
Simply deleting files on a device does not destroy data. For details on how to sanitize a device completely, see YALE-MSS-7.5.1. For help permanently removing data from a device, contact your local IT Support Provider.
The less data on the device, the less data at risk if the device was ever compromised, lost, or stolen. Purge data you no longer need to reduce the risk of unauthorized access to that data.