Data Destruction Rules
2012/02/22 by ITSRM
These subsidiary rules to Operational Circular No. 5 specify how digital media must be wiped or destroyed so that no trace of data remains on that media.
Rules
- Digital media must be wiped when changing function or being retired from operations.
- Digital media storing "Sensitive Data" must be wiped, in whole or in relevant part, once the data has become obsolete pursuant to archiving instructions.
- Broken or defective digital media must be wiped unless repair is possible and under the condition that the acting company has an industry standard data protection policy in place. "Repair" also includes replacement of digital media under warranty provided that the acting company has an industry standard data destruction policy in place.
- If wiping is not possible (and repair failed), the digital media must be physically destroyed independent of the classification level of the data stored.
- Tapes are exempt from wiping due to technical and logistical reasons. However, they must be destroyed if they hold or have held "Sensitive Data".
Procedures
- Procedure for wiping: Most digital media can be wiped by running the Linux command "shred -fvuzn1 /dev/hdXXX" (or "shred -fvuzn1 FILENAME"), by running "diskutil secureErase freespace (level 0-4) /Volumes/(Drive Name)" after deleting files on Macs, or by using "FileShredder" on Windows. Wiping SSDs is more complicated: a good step-by-step procedure can be found at kernel.org. Recall that in RAID configurations, each medium must be wiped separately. For journaling file systems, the partition must not be mounted in data=journal mode (see /etc/fstab).
- Procedure for destruction: Digital media for destruction shall be brought to the operator's desk in the CERN Computer Centre (building 513), where they will be gathered in sealed containers and regularly collected by a third party company specialized in their physical destruction.
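The wiping procedure above carries two Linux caveats: RAID members must each be wiped separately, and a partition must not be mounted in data=journal mode. The following added example (not part of the original rules) reports both conditions before "shred" is run. The function names are hypothetical, the sample tables are constructed, and the script only reads mount and RAID tables; it wipes nothing.

```shell
#!/bin/sh
# Pre-wipe checks for the two caveats in the wiping procedure (added example).
# Function names are hypothetical; the sample tables below are constructed.

# Print mount points whose fstab options include data=journal.
# $1: fstab-format file (default /etc/fstab; "-" reads stdin).
journal_mode_mounts() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }          # skip comments and short lines
        {
            n = split($4, opts, ",")          # field 4 is the option list
            for (i = 1; i <= n; i++)
                if (opts[i] == "data=journal") { print $2; break }
        }
    ' "${1:-/etc/fstab}"
}

# Print the member devices of one md array, each to be wiped separately.
# $1: array name (e.g. md0); $2: mdstat-format file (default /proc/mdstat).
raid_members() {
    awk -v md="$1" '
        $1 == md && $2 == ":" {
            for (i = 3; i <= NF; i++)
                if ($i ~ /\[[0-9]+\]/) {      # members look like sdb1[1] or sdc1[2](F)
                    dev = $i
                    sub(/\[.*/, "", dev)
                    print "/dev/" dev
                }
        }
    ' "${2:-/proc/mdstat}"
}

# Constructed sample input, not taken from a real host.
SAMPLE_FSTAB='# <device> <mount> <type> <options> <dump> <pass>
/dev/sda1  /             ext4  errors=remount-ro        0 1
/dev/sdb1  /srv/archive  ext3  defaults,data=journal    0 2
/dev/sdc1  /scratch      ext4  noatime,data=ordered     0 2'

SAMPLE_MDSTAT='Personalities : [raid1]
md0 : active raid1 sdb1[1] sda1[0]
      1048512 blocks [2/2] [UU]
unused devices: <none>'

printf '%s\n' "$SAMPLE_FSTAB"  | journal_mode_mounts -   # prints /srv/archive
printf '%s\n' "$SAMPLE_MDSTAT" | raid_members md0 -      # prints /dev/sdb1 then /dev/sda1
```

Called without a file argument, the functions read /etc/fstab and /proc/mdstat on the host being decommissioned.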
Comments
- Where data requires archiving, it does not become obsolete. However, the decision to archive data must be considered carefully and the archive shall have a legitimate use-case. Archiving shall not be misused to avoid data destruction.
- The current US recommendations for securely erasing hard disks can be found in the NIST 800-88 publication "Guidelines for Media Sanitization". In accordance with "Overwriting Hard Disk Data: The Great Wiping Controversy" and "Data Reconstruction from a Hard Disk Drive using Magnetic Force Microscopy", one-pass wiping is considered to be fully sufficient for recent hard disks.