Educause Security Discussion mailing list archives
Re: Policies for Equipment Disposal - computers and other devices with memory
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 30 Sep 2008 15:45:22 -0400
On Tue, 30 Sep 2008 11:57:26 CDT, Sallie F Wright said:
I am on the hunt for a sample policy that addresses disposal of equipment that have memory/hard drives specifically related to regulatory compliance. We have the computer side but I am wondering what others are doing around copiers, pda's, cellphones, etc.
Is the issue "regulatory compliance", which is mostly a proper-paperwork issue, or are you trying to address the actual data-leakage problem? (A serious question, that - I could see how your internal risk assessment says that the amount of data stored on a not-too-smart cellphone is an acceptable risk, but a beancounter rule still says you need to wipe it...)
Attachment:
_bin
Description:
Current thread:
- Policies for Equipment Disposal - computers and other devices with memory Sallie F Wright (Sep 30)
- <Possible follow-ups>
- Re: Policies for Equipment Disposal - computers and other devices with memory Sherry, Cathy (Sep 30)
- Re: Policies for Equipment Disposal - computers and other devices with memory Faith Mcgrath (Sep 30)
- Re: Policies for Equipment Disposal - computers and other devices with memory Valdis Kletnieks (Sep 30)