Information Security Management and Compliance
The Fair and Accurate Credit Transactions Act of 2003 (FACTA) contains several provisions designed to help reduce the incidence of identity theft and to help victims recover their credit reputations after they have been victims of identity theft. California Civil Code Section 1798.81 requires businesses, when disposing of customer records, to take all reasonable steps to destroy personal information in the records by shredding, erasing, or otherwise modifying the personal information so that it is unreadable or undecipherable.
This Standard addresses the provision of FACTA and California Civil Code Section 1798.81 requiring that reasonable measures be taken, when disposing of any record, in any format, containing confidential information, to protect against unauthorized access to it.
To protect the confidentiality of information and the related privacy rights of CSULB students, faculty and staff, computers and storage media devices must be sanitized of all software and/or files prior to disposal.
The sanitization process shall remove all information from media such that data recovery is not possible. Several methods can be used to sanitize media; however, the two major types of sanitization are clearing and destroying:
Clearing information is a level of media sanitization that protects the confidentiality of information against a robust keyboard attack. Simple deletion of items does not suffice for clearing. Clearing must not allow information to be retrieved by data, disk, or file recovery utilities, and it must be resistant to keystroke recovery attempts executed from standard input devices and from data scavenging tools. Overwriting is an acceptable method for clearing media. The security goal of overwriting is to replace written data with random data.
Several software products are available to overwrite storage space on the media. Network Services provides software tools and procedures to securely clean the data from ATA-based hard drives and other storage media. Software and instructions are available for all campus users. Please contact the Director of Network Services at (562) 985-4750 for more information.
Overwriting cannot be used for media that are damaged or not rewriteable. In such cases, media should be destroyed.
Destruction of media is the ultimate form of sanitization. After media are destroyed, they cannot be reused as originally intended. Physical destruction can be accomplished using a variety of methods, with cross-cut shredding being the most common practice. Departments may shred media on site or contact Procurement and Support Services for a listing of approved vendors that meet the campus Third Party Agreements / Confidential Information Standard.
Specific recommendations for sanitizing different media types are included in Attachment A.