Sensitive Data Destruction Guidelines
Paper Records Disposal and Shredding
It is a good idea to shred unnecessary paper records with sensitive information.
Before you shred:
- Identify the records you have and whether they are still in use.
- Check the UC Records Retention Schedule.
- Determine whether the records can be destroyed.
- If the retention period has lapsed and no one uses the records, destroy or delete the records. Shred sensitive, confidential, or restricted paper records.
- If the retention period has lapsed but the records are part of a foreseeable or ongoing litigation; an investigation; an ongoing audit; or a pending Public Records Act request, KEEP the records. Do NOT destroy.
- If your unit/department has been notified by Risk Management or counsel to retain the records, do NOT destroy them.
- Verify with your supervisor that it is acceptable to destroy the records.
Hard drives, USB devices, copier drives, and external hard drives should be disposed of appropriately. When in doubt, if sensitive information is on these types of devices, they should be disposed of by a service that maintains a chain of custody and provides a certificate of destruction.
Using "Be Smart About Safety" Loss Reduction funds provided by UCI's Risk Management Department, the Information Security and Privacy Committee and UCI Equipment Management enhanced the campus surplus program so that decommissioned devices can be securely disposed.Instructions
Send email to firstname.lastname@example.org to request pick up of the drives.
The email should contain the following information:
- Department name
- Contact person name, phone, email
- General description of Sensitive Data Devices (such as: 10 drives with sensitive data)
- Location: Building name, room# to meet the contact person for picking up drives
- Subject of email "Hard Drive Destruction"
The Equipment Management team will contact you to arrange a time for pickup & destruction of the drives.