The following guidance is intended to assist in preventing unauthorised access to University data that is held electronically, especially when the device on which it resides is disposed of or recycled. It should be noted that;
There is a wide range of data held in the University, in many different formats, with research data being one of the most significant. It is important that, as well as planning for the curation of your data, you give consideration to how it will be destroyed where this is required for legal or other reasons. Guidance on when and who authorises the destruction of research data is covered in our section on Retention Periods and in the University Research Data Management Policy.
N.B. when data stored on an iSolutions server will still exist on backups for a period of time (usually 90 days).
To delete emails: empty mailbox and then purge.
Outlook/Exchange has a facility to allow deleted emails to be recovered up to 30 days after they have been deleted. There is also a facility within Outlook to purge deleted emails altogether so that they cannot be recovered.
To enable the secure disposal of electronically held data, it is not sufficient to simply delete the folder or file(s) from your PC or other device, because the data remains on the media but the space previously allocated is now available to be overwritten at some point in the future. Even reformatting the storage is not guaranteed to make the data unavailable. There are several methods to ensure that electronic data held on magnetic and solid state media is secure from unauthorised access.
It is recommended that optical media such as DVDs and CDs are physically destroyed. A simple method is to use a suitable shredder. Note that not all shredders are capable of destroying optical media, please check the suitability of your shredder before using this method.
If you cannot find a suitable shredder, the University retains an external company that specialises in destroying magnetic and solid state media and will provide a "Certificate of Assurance". To arrange for the disposal of any electronic equipment please complete the IT Disposal request form.
It is important that any data identified as sensitive and/or confidential and is not to be retained, whether for legal, ethical or other reasons, is destroyed carefully. The University Estates and Facilities provide a service for the removal of confidential waste. Requests for the removal of confidential waste should be made via Planon on SUSSED.
If your data is highly sensitive you should seek advice from within your Faculty/Research/Academic group to confirm that the confidential waste service is appropriate for your material. If you are shredding your sensitive material you should use cross-cut shredders with a minimum standard of DIN 4.