Delete or destroy data and devices

Purpose

Part of proper data and device (asset) management is the secure deletion (sanitization) and destruction of data when it is no longer required for a project and not suitable for preservation or subject to retention or archiving requirements. 


Audience

faculty researchers Admin staff IT staff students


On this page


Initial considerations

Data retention; preservation or archiving.

  • Increasingly, there are legal, regulatory, and policy-based obligations or academic and public value to the long-term storage of data produced at the University.

Administrative data

Research data

Consult ethics protocols and other agreements.

  • Is your data or your obligation to securely delete it covered by other binding documents or contracts?

Human ethics or animal use protocol.

Agreements (Data sharing [DSA], material sharing [MTA], etc.)

Determine your data's classification.


What can I do?

For confidential, sensitive, restricted, or regulated data (Level 3 or 4)

Data is unrecoverable only if stored on an encrypted device. Encrypt data and devices

Windows

MacOS

Linux

Cross-platform

Cloud services

  • Contact provider regarding secure data deletion pipeline.

Physical data

For non-sensitive, non-public data (Level 2)

Data could be recovered with difficulty.

Windows

MacOS

Linux

Cloud services

  • Contact provider regarding secure data deletion pipeline.

Physical data

  • Office or commercial shredding.

For public data (Level 1)

Data could be recovered with little difficulty.

Windows

MacOS

Linux

Cloud services

  • Delete file within platform; wait for recovery period to expire.

Physical data

  • Recycle and/or shred, if appropriate.


Search

How do I...


Additional help

General

Contact us | Information Security (IS)

Contact us | Information Technology (IT)

Researchers

https://security.utoronto.ca/services/research-information-security-program/


Related articles