PC Disposal

Christopher E. Cramer chris.cramer at duke.edu
Wed Aug 22 21:38:53 GMT 2001


Hi,

We're currently looking into how old PCs are disposed of here.  The
concern we have is that in many cases machines leave the University (and
the associated Health System) without going through our surplus
department.  For example, we know that some departments give old machines
to staff on other occasions a department or school will donate old machines
to local public schools.

The problem is that if a machine leaves without hitting surplus first, it
may or may not have had any confidential information that was on the
system removed in a (relatively) safe manner.  The types of information we
are worried about are FERPA protected student information, sensitive
research data and (god forbid) HIPAA protected data on machines in the med
school or health system.

Have any of y'all dealt with these issues at your universities?  What
about at universities with associated medical centers?  We are currently
looking at drafting up some different options for new procedures to run by
the senior administration, but we know that one of the first questions
they'll ask is what are other universities doing in this area.

Any information on what y'all are (or even what you aren't) doing would be
most appreciated.

Thanks,
Chris

----------------------------------------------------------------------
Christopher E. Cramer, Ph.D.
Information Technology Security Officer
Duke University,  Office of Information Technology
253A North Building, Box 90132, Durham, NC  27708-0291
PH: 919-660-7003  FAX: 919-660-7076  email: chris.cramer at duke.edu












More information about the unisog mailing list