Non-removable media
In all cases, devices used to store University data must be encrypted to industry standards. Media or devices which have thus been encrypted need not be wiped or physically destroyed; they can have encryption keys deleted and then be re-used, resold, or recycled. However, if there is any question, then magnetic media (e.g. older hard drives) should be wiped, and NVRAM type devices (e.g. flash or thumb drives, SSDs) must be physically destroyed.
Removable media
Other forms of physical media, such as Compact and Digital Video Discs (CDs, DVDs) containing University records should be physically destroyed when they are no longer required. It is not recommended to use flash drives for anything other than temporary storage of University data, and these drives should be encrypted.
Encryption and wiping
Many operating systems (e.g., Windows, macOS) have native utilities for encrypting and wiping storage devices. For other operating systems, or if there are any questions, then the Security Operations Centre can offer advice.
Personally-owned media
All University employees are responsible for ensuring that university data is kept securely and erased from personally owned electronic media once operational use of the data has ceased.
Revised: January 2026