Data Destruction Rules

2012/02/22 by ITSRM

These subsidiary rules to Operational Circular No. 5 provide rules on how digital media must be wiped or destroyed such that any trace of data has disappeared from that media.

Rules

  • Digital media must be wiped when changing function or being retired from operations.
  • Digital media storing "Sensitive Data" must be wiped, in whole or in relevant part, once the data has become obsolete pursuant to archiving instructions.
  • Broken or defective digital media must be wiped unless repair is possible and under the condition that the acting company has an industry standard data protection policy in place. "Repair" also includes replacement of digital media under warranty provided that the acting company has an industry standard data destruction policy in place.
  • If wiping is not possible (and repair failed), the digital media must be physically destroyed independent of the classification level of the data stored.
  • Tapes are exempt from wiping due to technical and logistical reasons. However, they must be destroyed if they hold or have held "Sensitive Data".

Procedures

  • Procedure for wiping: Most digital media can be wiped running the Linux command "shred -fvuzn1 /dev/hdXXX" ("shred -fvuzn1 FILENAME"), running "diskutil secureErase freespace (level 0-4) /Volumes/(Drive Name)" after deleting files on MACs or using "FileShredder" for Windows. Wiping SSDs is more complicated: a good step-by-step procedure can be found at kernel.org. Recall that in RAID-configurations, each medium must be wiped separately. For journaling file systems the partition must not be mounted in data=journal mode (see /etc/fstab).
  • Procedure for destruction: Digital media for destruction shall be brought to the operator's desk in the CERN Computer Centre (building 513), where they will be gathered in sealed containers and regularly collected by a third party company specialized in their physical destruction.

Comments