Sensitive Data Destruction Guidelines

device disposal

Keeping records with sensitive information that no longer need to be maintained under the UC Records Retention Schedule is a privacy risk.


UC Records Retention Schedule FAQ

Records Management Resources

If you have “permanent” records scheduled for university archives review, please contact Audra Yun (, Head of Special Collections & Archives and University Archivist. The university archives accepts records in physical and electronic formats. See to learn more about the types of records that the archives accepts.

Paper Records Disposal and Shredding

It is a good idea to shred unnecessary paper records with sensitive information.

Before you shred:

  1. Identify the records you have and whether they are still in use.
  2. Check the UC Records Retention Schedule.
  3. Determine whether the records can be destroyed.
    • If the retention period has lapsed and no one uses the records, destroy or delete the records. Shred sensitive, confidential, or restricted paper records.
    • If the retention period has lapsed but the records are part of a foreseeable or ongoing litigation; an investigation; an ongoing audit; or a pending Public Records Act request, KEEP the records. Do NOT destroy.
    • If your unit/department has been notified by Risk Management or counsel to retain the records, do NOT destroy them.
  4. Verify with your supervisor that it is acceptable to destroy the records.

Device Disposal

Hard drives, USB devices, copier drives, and external hard drives should be disposed of appropriately. When in doubt, if sensitive information is on these types of devices, they should be disposed of by a service that maintains a chain of custody and provides a certificate of destruction.

Using "Be Smart About Safety" Loss Reduction funds provided by UCI's Risk Management Department, the Information Security and Privacy Committee and UCI Equipment Management enhanced the campus surplus program so that decommissioned devices can be securely disposed.


Send email to to request pick up of the drives.

The email should contain the following information:

  • Department name
  • Contact person name, phone, email
  • General description of Sensitive Data Devices (such as: 10 drives with sensitive data)
  • Location: Building name, room# to meet the contact person for picking up drives
  • Subject of email "Hard Drive Destruction"

The Equipment Management team will contact you to arrange a time for pickup & destruction of the drives.