Policy: Electronic Data Removal
|Date: 02/01/08||Policy ID: IRM-004||Status: Final|
|Contact Office:||Chief Information Officer (Office of the)|
|Oversight Executive:||Chief Information Officer|
Academic Division, the Medical Center, the College at Wise, and University-related foundations.
|Table of Contents:||Policy Statement
|Reason for Policy:||
The purpose of this policy is to minimize the risks of exposing electronic data to individuals unauthorized to view these data and transferring software to those not licensed to use it. This policy is essential to compliance with state and federal data privacy statutes and with software licensing agreements.
|Definition of Terms in Statement:||
Electronic Devices: Electronic equipment, whether owned by the University or an individual, that has a storage device or persistent memory, including, but not limited to: desktop computers, laptops, tablets, smart phones and other mobile devices, as well as servers (including shared drives), printers, copiers, routers, switches, firewall hardware, etc.
Electronic Media: All media, whether owned by the University or an individual, on which electronic data can be stored, including, but not limited to: external hard drives, magnetic tapes, diskettes, CDs, DVDs and USB storage devices (e.g., thumb drives).
All software and data files must be removed by University-approved procedures from electronic devices and electronic media that are surplused, returned to a leasing company, or transferred from one University employee to another employee having different software and data access privileges. When electronic devices are sent outside the University for repair, all data must be either encrypted or removed.
See http://www.virginia.edu/informationsecurity/dataremoval for procedural details.
In addition to being a widely-accepted security and privacy practice, effective data removal is required by state and federal regulations. See:
The consequences of unauthorized release of sensitive data are increasing due to Commonwealth of Virginia and federal regulations and growing public concern over privacy and identify theft. In addition, the University is bound by software licensing agreements not to allow unauthorized software use. Without this policy, the risks of data exposure and unauthorized software use would be significant given that:
These are unacceptable risks for the University.
|Major Category:||Information Resource Management|
|Category Cross Reference:|
|Next Scheduled Review:||02/01/18|
|Approved By, Date:||Executive Vice President and Chief Operating Officer, 11/26/04|
|Revision History:||Updated 2/4/15; 9/17/13; 9/21/12; 4/14/11; 2/1/08.|
|Supersedes (previous policy):|