Guidelines for Data Protection - Media Sanitization and Disposal
Media sanitization is a process by which data is irreversibly removed from media or the media is permanently destroyed. The following table defines baseline controls for sanitization and disposal of media that records and/or stores Institutional Data.
| ME-1 | Electronic Media is sanitized prior to reuse * | Recommended | Required | Required |
| ME-2 | Electronic Media is destroyed prior to disposal * | Recommended | Required | Required |
| ME-3 | Paper-based and/or written Media is destroyed prior to disposal * | Optional | Recommended | Required |
ME-1: A single-pass overwrite of magnetic or solid-state media is recommended. While multiple overwrites can be performed, this does not provide any additional assurance that data has been irreversibly removed (see the National Institute of Standards and Technology Special Publication 800-88). It is important to note that a range of factors can impact the effectiveness and completeness of an overwrite operation. For example, some software may not be able to access all data on a hard drive, such as reallocated sectors resulting from a drive fault. Reuse of electronic media outside of the organization is not recommended unless sanitization can be fully validated. If available, a firmware-based Secure Erase is recommended over a software-based overwrite. In situations where a third-party warranty or repair contract prohibits sanitization, a confidentiality and non-disclosure agreement should be put in place prior to making the electronic media available to the third party.
ME-2: Media destruction should be performed in a manner that is consistent with techniques recommended by the National Institute of Standards and Technology (see Appendix A of Special Publication 800-88). Shredding and incineration are effective destruction techniques for most types of electronic media. The Information Security Office recommends destroying electronic media through Carnegie Mellon’s Computer Recycling Program, which is managed by the Environmental Health and Safety department. In situations where a third-party warranty or repair contract prohibits destruction, a confidentiality and non-disclosure agreement should be put in place prior to making the Electronic Media available to the third party.
ME-3: Common techniques for destroying Institutional Data in written or printed form include cross shredding or incineration. In situations where cross shredding or incineration is either not feasible or impractical, use of a third-party data destruction service may be appropriate. Reasonable effort should be made to track and inventory data sent to a third party for destruction, and evidence of destruction should be retained (e.g., a Certificate of Destruction). In situations where documents are destroyed in large quantities or are collected and sent to a third party for destruction, a secure trash receptacle should be used to mitigate the risk of unauthorized access during the collection period. A confidentiality and non-disclosure agreement should also be put in place prior to sending any data to a third party.
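
For the ME-1 note above, an added example (not part of the original guideline) of a single-pass zero overwrite followed by a full read-back check, in Python. The function names and the constructed image file are assumptions for illustration; the read-back covers only what the operating system can address, so it cannot confirm reallocated sectors.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # I/O size in bytes (assumed value for this example)

def overwrite_single_pass(path, chunk=CHUNK):
    """Write zeros once over every addressable byte of `path`; return bytes written."""
    zeros = bytes(chunk)
    with open(path, "r+b") as f:
        size = f.seek(0, os.SEEK_END)  # works for regular files and Linux block devices
        f.seek(0)
        remaining = size
        while remaining:
            n = min(chunk, remaining)
            f.write(zeros[:n])
            remaining -= n
        f.flush()
        os.fsync(f.fileno())  # push the pass out of the OS cache to the media
    return size

def verify_zeroed(path, chunk=CHUNK):
    """Read the whole target back; return start offsets of chunks with non-zero bytes.

    An empty list means every addressable byte reads as zero. Sectors the drive
    has reallocated are not reachable this way, which is the limit ME-1 describes
    and the reason a firmware-based Secure Erase is preferred when available.
    """
    bad = []
    with open(path, "rb") as f:
        offset = 0
        while True:
            block = f.read(chunk)
            if not block:
                break
            if block.count(0) != len(block):
                bad.append(offset)
            offset += len(block)
    return bad

if __name__ == "__main__":
    # Constructed sample: a small file standing in for a drive image.
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(b"constructed sample record\n" * 4096)
    try:
        print("bytes overwritten:", overwrite_single_pass(img.name))
        print("non-zero chunks after overwrite:", verify_zeroed(img.name))
    finally:
        os.remove(img.name)
```

Retaining the list returned by `verify_zeroed` alongside the media's serial number gives a record of the validation that ME-1 asks for before reuse.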