Educause Security Discussion mailing list archives

Re: Policies for Equipment Disposal - computers and other devices with memory

From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 30 Sep 2008 15:45:22 -0400

On Tue, 30 Sep 2008 11:57:26 CDT, Sallie F Wright said:

I am on the hunt for a sample policy that addresses disposal of
equipment that have memory/hard drives specifically related to
regulatory compliance. We have the computer side but I am wondering what
others are doing around copiers, pda's, cellphones, etc.


Is the issue "regulatory compliance", which is mostly a proper-paperwork
issue, or are you trying to address the actual data-leakage problem?

(A serious question, that - I could see how your internal risk assessment
says that the amount of data stored on a not-too-smart cellphone is an
acceptable risk, but a beancounter rule still says you need to wipe it...)

Attachment: _bin
Description:

Current thread:

Policies for Equipment Disposal - computers and other devices with memory Sallie F Wright (Sep 30)
- <Possible follow-ups>
- Re: Policies for Equipment Disposal - computers and other devices with memory Sherry, Cathy (Sep 30)
- Re: Policies for Equipment Disposal - computers and other devices with memory Faith Mcgrath (Sep 30)
- Re: Policies for Equipment Disposal - computers and other devices with memory Valdis Kletnieks (Sep 30)