To protect sensitive university data from unauthorized disclosure when the media that stores the data is disposed of or reused, K-State’s new Media Sanitization and Disposal Policy is now in effect and has been published in the university’s PPM.
“Media sanitization” is a process by which all data are permanently removed from storage media in a manner that prevents their recovery. This applies to anything that can store data — computer hard drives, CDs and DVDs, backup tapes, USB flash drives, and even paper. We can employ the most strict security controls to protect data while in our possession, but it is all for not if the data remain on a computer hard drive when that system is disposed of, recycled, or reused.
Numerous examples exist of data “leaking” in this fashion, including data found by auditors on computers at Kansas’ State Surplus Property facility in Topeka and large amounts of personal student data found in trash cans and recycle bins at the University of Kansas.
This new policy, which is driven in part by a similar state policy, specifies requirements for properly removing data from all different types of media to prevent unauthorized disclosure. K-State’s Property Management policies and procedures have been revised as well, and the Disposition of Property form now includes a certification that states: “By signing this form, I certify that all University data have been properly removed from any data storage devices in any equipment listed above, in accordance with PPM 3436 Media Sanitization and Disposal Policy.” The Controller’s Office will no longer accept the old Disposition of Property Form (DA 110).
More information is also available at K-State’s new media sanitization website.
Since everyone at K-State handles university data in some fashion, this policy applies to everyone. K-Staters should familiarize themselves with its requirements to help protect K-State’s valuable information resources.