University Policy

.

Data Removal

Approval Date: 2005-12-08

Effective Date: 2018-03-06

Review Date: 2021-05-01

Authority:

The Vice-President (Administration and Finance) through the Director of Information Technology Services

Purpose

To minimize potential data exposure and security risk by providing guidelines for the disposal of Electronic Devices and media, once they are deemed Surplus Assets. Sale, re-allocation within the University, or transfer to a pubic body of these Surplus Assets can involve risks related to unauthorized release of confidential information, unauthorized disclosure of trade secrets, copyrights, or other intellectual property, unauthorized access to personal information protected under privacy legislation that might be stored on the hard disks and other storage media, or potential violation of software license agreements. 

Scope

All University-owned Electronic Devices and media used by faculty, staff, students and others affiliated with Memorial University of Newfoundland.

Definitions

Asset Administrator — This role is normally carried out by the employee in the Unit who has responsibility for financial matters. This role is responsible for ensuring measures are in place within the Unit for safeguarding Tangible Assets, for reviewing, maintaining and updating the Unit's Tangible Capital Asset property report and corresponding with FAS to ensure necessary updates are made to Tangible Capital Asset records. This is a functional description, not a position title.

Electronic Device — Any device that is powered and is used to access, process or store University data including any information technology storage media run by, or attaching to, a device. This may include but is not limited to computers, multifunction printers with storage, hard disks, memory keys, SD cards, smartphones, DVD/CDs, peripherals and software.

Smartphone — Mobile phone that performs many of the functions of a computer, typically having a touchscreen interface, Internet access, and an operating system capable of running downloaded applications must employ approved security configurations and/or software. As per the Electronic Data Security policy, encryption, versus PIN or password protection, is required in any instance where the latter does not lead to factory reset of the device after a finite number of failed password attempts.

Surplus Asset — A Tangible Asset that has reached its optimal benefit for reasons such as wear, obsolescence, or changes in technology, teaching methods or Unit requirements.

Tangible Asset — Anything owned by the University that has a monetary value and includes Items such as buildings, property, furniture, equipment, computers, electronic devices, machinery, instruments.

Tangible Capital Asset — Those Tangible Assets which are of a continuing or long-term use in the conduct of the University's operations and which must be recorded in the University's financial records as capital to meet financial reporting requirements and for insurance purposes. See Schedule of Tangible Capital Asset Determinations.

Policy

All university employees are responsible for the use and care of the Electronic Devices and media assigned for their use. When these are no longer of use to the assigned employee, they may be deemed Surplus Assets in accordance with the Tangible Asset Administration policy. Employees must take all reasonable steps to limit Memorial University's liability and risk with regards to the protection of the data and software on Electronic Devices and media.

In accordance with the related procedures and regardless of the surplus option chosen, Electronic Devices must have the data and any licensed software removed or the device destroyed. 

Unit Heads are responsible to ensure compliance with this policy and its related procedures. The Asset Administrator is responsible for executing the related procedures. The IT-Classified staff is responsible for destruction of the data, following technical guidelines outlined in the related procedures. An IT-classified employee is one so-designated by the Department of Human Resources.

Any deviation from this policy must have the prior approval of the Vice-President (Administration and Finance).

Related Documents

Enterprise Risk Management policy
Information Management
policy
Tangible Asset Administration policy 

Procedures:

For inquiries related to this policy:

Information Technology Services, (709) 864-8116

 

Sponsor:

Vice-President (Administration & Finance)

Category:

Operations

Previous Versions:

There is at least one previous version of this policy. Contact the Policy Office to view earlier version(s)

Approval Date: 2005-12-08
Effective Date: 2017-06-01
Approval Date: 2005-12-08
Effective Date: 2013-11-05
Approval Date: 2005-12-08
Effective Date: 2005-12-08
Policy Amendment History

There are past amendments for this policy:

Action: REPLACED
Date: 2019-05-24 12:55:19
This policy was replaced with a new version. Comment provided: Connected definitions using the definitions from the glossary.