Equipment Surplus & Equipment Surplus & Secure Media DestructionSecure Media Destruction

Michael Thorn, Data Security SpecialistMichael Thorn, Data Security Specialist

May 2009, Pfizer – employee inadvertently tossed out “home use” hard drive in the trash

June 2009, DOD vendor – military contractor disposes of hard drive in foreign country

October 2009, US Veterans Affairs – vendor transferred failed hard drive to recycler

Recent HeadlinesRecent Headlines

Choose the “keep your hard drive” option on new purchases

To be or not to be…Green

Extend awareness to include home users and alternate work locations

What Can UAB Do?What Can UAB Do?

October 2008 –October 2008 –Data Destruction DayData Destruction Day

Harddrive

CD/DVD

3.5 Floppy Tape-disk Reel tape

Device Count Totals 190 35 475 40 30Storage in Gigabytes

Totals 3,800.0 24.5 0.7 450.0 3.4

Fun Stat

Total Terabytes of Storage Media

Destroyed4.275

69,600

Total Reel tape length(ft)

13.18

TotalReel tape

length(miles)

Data Classification Media Count

HIPAA 707

Proprietary 45

FERPA 18

Compliance PictureCompliance Picture

Best Practice:Best Practice:

Storage Media Storage Media DispositionDisposition

Storage Media for UAB data

Media Reuse?

Clear

Destroy

Validate

Complete

Document

Leaving UAB Control?

NO

YES

NO

YES

Secure Media Destruction FormSecure Media Destruction Form

Found at: main.uab.edu/Sites/it/faqs/57722/

Hazardous Waste Holding Facility: Freddie Crews

Phone: 934-0015

Address: 400 3rd Ave S Birmingham, AL 35233 Schedule a destruction time

Direct Contact for Secure Media Direct Contact for Secure Media DestructionDestruction

Surplus Warehouse wants them

Obsolete/Old/Unused Obsolete/Old/Unused Computers, Copiers and PrintersComputers, Copiers and Printers

Transferring Equipment to SurplusTransferring Equipment to Surplus

Storage Media Storage Media Identification ProcessIdentification Process

Obsolete or BrokenElectronic Equipment

Does the equipment

contain HD?

DoneDocument

NO

YES

Destroy

Validate

Remove HD

Obsolete or Broken Electronic Equipment – Laptop and desktop computers generally contain mass storage media. However, printers, copiers and fax machines may contain hard drives as well.Does the equipment contain an HD? – Some multipurpose office machines have computer hard drives designed into the devices architecture. Remove Hard Drive – Depending on the device, a hard drive may be easily accessible via a convenient service panel on the equipment, or located obscurely internal to the outer frame of the equipment.Destroy – Hard drive media should be destroyed using the industrial shredder located on campus. Validate – Assure qualified personnel have followed the correct procedures for media sanitation.Document – Maintain chain-of-custody documentation to verify the disposition of hard drives has been attained and for future auditing purposes.

Business Class Copiers, Scanners and Business Class Copiers, Scanners and PrintersPrinters