Protecting Data After You’re Done With It

Thursday, April 1 2010

It’s an all too familiar news story: sensitive information on surplused computer hard drives becomes publicly available because the information was not properly removed.

In the always-changing regulatory environment, security is a unique challenge. All it takes is one misstep to compromise sensitive information. We are all aware of the need to protect the data in our control on a day-to-day basis, by keeping student information and other sensitive personal information confidential. But when we are done with our computer, thumb drive or other storage device, we typically send it off to University Surplus, frequently with intact or recoverable files remaining on it. The Surplus Property staff is not responsible for ensuring that every hard drive that comes through their shop is void of sensitive information prior to being disposed of. Departments are responsible for ensuring that sensitive information is wiped from devices before those devices leave their control.

To assist University computer users to remove sensitive data from their soon-to-be surplused computers, a bootable hard-drive-overwriting CD is available at no cost to University departments from the ITS Help Desk, located in Teaching and Learning Center (TLC) Room 128, and from Records Management, located in the SUB Room 53.

More information about retiring computers can be found at
If you have a computer that will not boot, or individual hard drives or other data storage devices that you would like to have safely disposed of, please contact Records Management at or 885-2580, the ITS Help Desk at or (208) 885-4357, or your college/departmental technical support person for assistance.

Please be aware the deleting files or reformatting hard drives simply removes information about the location of files. That means they are ready for overwriting, but until new data is written in the same physical location on the drive, the data is recoverable with freely available utilities. In addition, forensic computer researchers can recover information that has been overwritten a small number of times. The Federal Trade Commission recommended in a November 2008 consumer alert that hard drives containing sensitive information should be wiped “using a program that overwrites or wipes the hard drive many times.”