Delete or destroy data and devices
- Michael Laurentius
Purpose
Part of proper data and device (asset) management is the secure deletion (sanitization) and destruction of data when it is no longer required for a project and not suitable for preservation or subject to retention or archiving requirements.
Audience
faculty researchers Admin staff IT staff students
On this page
Initial considerations
Data retention; preservation or archiving.
Increasingly, there are legal, regulatory, and policy-based obligations or academic and public value to the long-term storage of data produced at the University.
Administrative data
Research data
Consult ethics protocols and other agreements.
Is your data or your obligation to securely delete it covered by other binding documents or contracts?
Human ethics or animal use protocol.
Ethics/use protocols will need to specify for how long your data is to be retained, if it will be deposited into a long-term solution, and how it will be securely deleted.
If you are unsure about your obligations, please contact the relevant ethics unit.
Agreements (Data sharing [DSA], material sharing [MTA], etc.)
Research contracts and agreements can include language around how data can be retained or how it should be deleted upon the conclusion of the contract, agreement, or project.
Contact the relevant contract and agreements office regarding sponsor or data provider requirements.
Determine your data's classification.
Classifying your data is the first step to knowing what methods are required to properly delete or destroy it.
What can I do?
For confidential, sensitive, restricted, or regulated data (Level 3 or 4)
Data is unrecoverable only if stored on an encrypted device. Encrypt data and devices
Windows
Delete a file
Sanitize a device
See Cross-platform options.
MacOS
Delete a file
Sanitize a device
Erase and reformat a storage device in Disk Utility on Mac
Choose “most secure” under “security options”
Linux
Delete a file
Sanitize a device
Cross-platform
Sanitize a device
Your motherboard or drive manufacturer might provide a proprietary sanitization utility.
Cloud services
Contact provider regarding secure data deletion pipeline.
Physical data
Commercial shredding.
Ensure that you receive a Certificate of Destruction for your records.
Contact your local IT group for recommendations.
For non-sensitive, non-public data (Level 2)
Data could be recovered with difficulty.
Windows
Delete a file
Delete all data from a device
Do not perform a “quick format”.
MacOS
Delete a file
Delete file and empty Trash .
Delete all data from a device
Erase and reformat a storage device in Disk Utility on Mac
Do not select “fastest” under “security options”.
Linux
Delete a file
Delete all data from a device
Cloud services
Contact provider regarding secure data deletion pipeline.
Physical data
Office or commercial shredding.
For public data (Level 1)
Data could be recovered with little difficulty.
Windows
Delete a file
Delete file and empty Recycle Bin.
Delete all data from a device
MacOS
Delete a file
Delete file and empty Trash .
Delete all data from a device
Linux
Delete a file
Delete file
Delete all data from a device
Cloud services
Delete file within platform; wait for recovery period to expire.
Physical data
Recycle and/or shred, if appropriate.
Search
Additional help
General
Researchers
https://security.utoronto.ca/services/research-information-security-program/
Related articles