Body
PRINT DISCLAIMER: Official version of this document is accessible in the online policy library at https://policyoffice.ku.edu/. Printed copies may not reflect the most recent updates.
DOCUMENT TYPE:
Policy
PURPOSE:
Data confidentiality is an issue of legal and ethical concern. The purpose of this policy is to provide for proper cleaning or destruction of sensitive/confidential data and licensed software on all computer systems, electronic devices and electronic media being disposed, recycled or transferred either as surplus property or to another user.
APPLIES TO:
University employees (e.g., faculty, staff, student employees) and other covered individuals (e.g., affiliates, vendors, independent contractors, etc.) in their handling of University data, information and records in electronic form during the course of conducting University business (administrative, financial, teaching, research or service).
CAMPUS:
Lawrence
POLICY STATEMENT:
The University of Kansas requires that before any computer system, electronic device or electronic media is disposed, recycled or transferred either as surplus property or to another user, the system, media or device must be either:
- properly sanitized of University sensitive/confidential data and software, or
- properly destroyed.
Any official University records must be appropriately retained / disposed of based on the University’s records retention policy prior to erasure or destruction of the system, device or media.
Electronic media must be sanitized following the guidelines in NIST Special Publication 800-88, “Guidelines for Media Sanitization”. The specific procedures and requirements to be followed when cleaning or destroying computer systems, electronic devices and electronic media are found in the Electronic Data Disposal Procedure document.
CONSEQUENCES:
Faculty, staff and student employees who violate this University policy may be subject to disciplinary action for misconduct and/or performance based on the administrative process appropriate to their employment.
Students who violate this university policy may be subject to proceedings for non-academic misconduct based on their student status.
Faculty, staff, student employees and students may also be subject to the discontinuance of specified information technology services based on the policy violation.
CONTACT:
Office of the Chief Information Officer
1001 Sunnyside Avenue
Lawrence, KS 66045
785-864-4999
kucio@ku.edu
APPROVED BY:
Provost and Executive Vice Chancellor
APPROVED ON:
2008-08-14
EFFECTIVE ON:
2008-08-14
REVIEW CYCLE:
Annual (As Needed)
RELATED STATUTES, REGULATIONS, AND/OR POLICIES:
Information Technology Security Policy
RELATED PROCEDURES:
Electronic Data Disposal Procedure
RELATED OTHER:
KU General Records Retention Schedule
NIST Special Publication 800-88, Guidelines for Media Sanitization
DEFINITIONS:
These definitions apply to these terms as they are used in this document.
| Sanitization (of computer hard drives) |
Removing data on a system through one or more various methods that may include overwriting or erasing data utilizing the methods described in NIST Special Publication 800-88. |
| Degaussing |
Process by which storage media is subjected to a powerful magnetic field to remove the data on the media. |
CHANGE HISTORY:
03/26/2025: Migration to TeamDynamix from Drupal.
01/26/2022: Updated contact section.
11/17/2014: Policy formatting cleanup (e.g., bolding, spacing).
08/17/2010: Updated to reflect NIST Guidelines for Media Sanitization.