Cybersecurity Tip of the Month
Knowing what kind of data you have will help you determine the correct way to dispose of it.
Training
Current Required Training - Due March 29, 2024 (You may have already completed this quarterly training.)
- Training Video: Unintentional Insider Threats
- Interactive Training: Identifying Unintentional Insider Threats
Optional Additional Training - Available until January 31, 2024
- Training Video: Securing Data: Know Your Role
- Interactive Training: Managing and Disposing of Data
*Required training is for System Office, UIUC, and UIS employees. Optional training is open to all employees. To access required training or optional additional training, please visit https://go.uillinois.edu/securitytraining/.
Dispose of Data Securely
Data disposal is the process of destroying data to make sure it’s no longer readable or available. Data disposal can:
- Eliminate unnecessary and irrelevant data.
- Improve efficiency.
- Free up storage space.
- Prevent a data breach.
Simply deleting a file doesn’t guarantee that the data in that file is gone. The file still exists, and data from it can be recovered easily using free software.
Even reformatting a hard drive does not guarantee that the data on that drive is gone. Imagine a tall stack of physical file folders that are full of papers. Reformatting is like taking the pages out of those folders and scattering them all over the floor. The result is a disorganized, confusing mess—but the data is still there. Almost anyone can recover data from a reformatted drive with easily accessible online tools.
However, the disposal process destroys data so that it is unreadable and unrecoverable.
What Can You Do?
Before disposing of university data or devices:
- Be aware of the data category you are working with (High Risk, Sensitive, Internal, or Public). Disposal requirements vary by data category, and High Risk data requires extra steps. For more information about disposal requirements by data category, go to the Security Compliance, Electronic Data, Disk, SSD, or Other Storage Device Disposal article. Visit the Data Classification Overview page for more information on data categories.
- Check whether the data qualifies as a university record. You must have State approval before disposing of university records. Check the Records and Information Management Services (RIMS) website at http://go.uillinois.edu/rims to learn more about identifying and disposing of records.
- Confirm that the data is no longer needed. You don’t want to destroy data that might still be in use or necessary.
Once the steps above have been completed, review OBFS Policy 12.4.5 Render Data Unrecoverable on Electronic Devices Prior to Transfer or Disposal for specific data disposal instructions, and check with your college or unit IT professional for additional help.
*To check out additional training about secure data disposal, please visit https://go.uillinois.edu/securitytraining.
Announcements
2024 Privacy Everywhere Conference: Leading with Privacy
Decisions about privacy affect our professional, educational, and personal lives. This free in-person conference with streaming available is on January 26, 2024, at Beckman Institute in Urbana, Illinois. It will cover balancing privacy goals and innovation, data rights, data collection risks, and implementing privacy principles in higher ed, among other topics.
Register for the 2024 Privacy Everywhere Conference today! Sessions include privacy regulation in the courts with Irish civil liberties expert Dr. Johnny Ryan, an AI and privacy panel with Christopher Lee from MITRE, and how Uber is protecting privacy.
Stay safe, stay secure. Contact securitytraining@uillinois.edu with questions or feedback.