University of Illinois System
Policies & Procedures
Last item for navigation

12.4.5 Render Data Unrecoverable on Electronic Devices Prior to Transfer or Disposal

Policy Statement

All data on digital storage media must be rendered unrecoverable before the electronic device containing digital storage media is transferred between individuals or units within the system, to third parties, or to Surplus Warehouse Operations for reuse or secure disposal.

Definitions

Degauss—Permanent erasure of data rendering data unrecoverable, according to federal requirements.

Encryption Key Destroyed—All traces of a cryptographic key have been removed in such a way to render the data unrecoverable by physical or electronic means.

Inoperable Device—Electronic device (e.g., computer, USB stick, hard drive, etc.) has been rendered useless via dismantling, disrepair, or other means.

Overwritten—Previously stored data is replaced with random patterns.

Reason for the Policy

To determine whether an electronic device contains digital storage media and requires data elimination in accordance with system policy.

Applicability of the Policy

All electronic devices containing digital storage media prior to transfer between individuals or units within the system, to third-parties, or to Surplus Warehouse Operations for reuse or secure disposal.

Procedure

Procedural specifics for this policy are detailed in the IT15-Storage Media Security Standard. Oversight for this policy (compliance, maintenance, and definition for the associated standard) is assigned to the Chief Information Officer for each university and the University of Illinois System unless governance is otherwise provided for in university or system policy.

Consult the appropriate university information technology office or University Property Accounting and Reporting (UPAR) for assistance.

Unit designates and assigned FABweb unit representatives submitting disposals must attest that the proper data elimination policies and procedures were followed, and the scrub label is completed and attached to all required digital media devices and equipment.

To remove data from electronic devices:

  1. Magnetic media must be either completely overwritten (at least one full pass) or degaussed prior to disposal;
  2. High-Risk Data Storage Device Disposal Preprocess Protocol
    1. Completely and securely overwrite or degauss storage media; or
    2. Secure-delete all encryption keys for strongly-encrypted volumes; and
    3. Conspicuously tag the device or system, indicating and confirming:
      1. The system once contained high-risk data;
      2. The storage media have been properly prepared as noted above in items A or B, and are ready for destruction;
      3. The date, unit name, and system manager name
  3. Affix a scrub label to the front of the item to certify that the unit has removed the data. On the label, ensure unit IT support completed the scrub label as follows:
    1. "Degaussed" if the data was degaussed.
    2. “Encryption key destroyed” to render the data unrecoverable.
    3. "Inoperable Device" if the device is inoperable and cannot run data elimination software.
    4. "Overwritten" if the data was overwritten.
    Important: Do not remove the hard drive or other components. If the Scrub Label is missing, the unit may be charged for the cost of eliminating the data or the equipment may be returned to you for scrubbing, at the unit’s expense. Ensure the IT employee responsible has completed, signed off, and affixed the scrub label.
  4. Consult Additional Resources below for general information about data elimination, data scrubbing software, and Scrub Labels. For assistance, contact UPAR.

Note - Springfield

If the equipment is a digital media device, complete a transfer transaction in FABweb, transferring the computer to UIS Information Technology Services (ITS). UIS units do not need to complete a surplus/disposal request in FABweb. ITS will complete the remaining steps for these electronic items.

Policy Information

  • First Published

    June 2011

  • Last Updated

    March 2025

  • Last Reviewed

    March 2025

Related Policies and Procedures

Chicago—ACCC (Academic Computing and Communications Center)

Revised University Guidelines on the Sale, Donation, or Transfer of Computer Hard Drives and Other Magnetic Media

Springfield—Use FABweb to transfer the item to UIS Information Technology Services. They will wipe the data.

Illinois Data Security on State Computers Act

Urbana—Technology Services

Erasing Your Hard Drive: Disk Scrubbing

Controls | Policies-Standards-Controls | Privacy and Cybersecurity | Technology Services at Illinois

Scrub Labels: Avery 5163 Data Scrub Label