Topics Map > UW-Madison > Cybersecurity > Access Control

UW-Madison - CIO - Disposal and Reuse Policy

Applies to UW-Madison employees, contractors and associates who are disposing of or reusing media or devices that contain UW-Madison restricted or sensitive Data.

The policy requires that media or devices that contain UW-Madison restricted or sensitive data are adequately erased, obscured, destroyed or otherwise rendered unusable before disposal, or adequately erased before reuse for another purpose.

The Disposal and Reuse Procedures are the implementation of the policy.

 
  • Of interest to:
    • Faculty
    • IT Security Staff
    • IT Staff
    • Staff
  • Subjects:
    • Cloud Services
    • Cybersecurity
    • Mobile Devices
    • Personally-owned Dev.
    • Records Management
  • Cybersecurity:
    • Access Control
  • Data Handling Activities:   
    • Access
    • Archive
    • Disposal
    • Retention
    • Storage
 

Media and Device Disposal and Reuse Policy

Policy

UW-Madison employees, contractors, and associates must assure that media or devices in their possession that contain restricted or sensitive data are adequately erased, obscured, destroyed or otherwise rendered unusable before disposal, or adequately erased before reuse for another purpose. This includes electronic media and devices of all types, as well as paper and other non-electronic media.

Background

Unauthorized access to restricted or sensitive data can have significant detrimental effects on individuals or the institution. There are laws, regulations and contracts that require the university to protect certain types of information from unauthorized access.

When media or devices are disposed of or reused for a different purpose, unobscured restricted or sensitive data that is present is vulnerable to access by unauthorized persons.

Authority

Issued by the UW-Madison Vice Provost for Information Technology.

Enforcement

  1. UW-Madison employees who do not comply may be subject to disciplinary action up to and including termination of employment.
  2. Contractors or associates who do not comply may be subject to penalty under the governing agreement. Compliance may be a consideration affecting new or renewed agreements.

Contact

Please address questions or comments to policy@cio.wisc.edu.

 



Keywords:policies policy requirements requirement requirements, administrators faculty it-security-staff it-staff managers supervisors administration information-technology security, cloud-services mobile-devices personally-owned-devices records-management resource-management security cloud cybersecurity devices mobile personal personally records resource, archive disposal retention storage, access-control access restricted-data sensitive-data hipaa-data ferpa-data restricted-research-data sensitive-research-data restricted sensitive hipaa ferpa fisma research   Doc ID:59275
Owner:GARY D.Group:IT Policy
Created:2016-01-02 17:41 CDTUpdated:2016-11-27 16:55 CDT
Sites:IT Policy
CleanURL:https://kb.wisc.edu/itpolicy/cio-disposal-and-reuse-policy
Feedback:  0   0