Data sanitization is the process of deliberately, permanently, irreversibly removing or destroying the data stored on a memory device. These memory devices include, but are not limited to, the following: computer hard drives, magnetic disks, flash memory devices, CDs and DVDs, PDAs (e.g., Palm Pilots, Pocket PCs, and Smart phones), Zip disks, and USB storage devices (e.g., flash drives, iPods, and portable hard drives). A device that has been sanitized has no usable residual data remaining and even advanced forensic tools should never be able to recover erased data.
All memory devices containing protected data must undergo data sanitization before relocating, reassigning, donating, or disposing of the device. Following are the currently recommended data sanitization tools.
Per the Information Security Management and Compliance Electronic Data Sanitization Verification, all electronic data must be properly sanitized prior to release of custody.
Data Sanitization Verification by the department is required by the Property Management for all media storage devices which are surveyed. The department is to certify and specify the media sanitization process per line item and attach a copy of it to every Property Movement Form and Request for Survey Form containing any of the above mentioned media.
For electronic media devices that cannot be sanitized, contact IT Security and Compliance (extension 3-4534).