User login


Sanitization And Disposal Of Information Resources Policy

Effective Date: October 2013

 Revised: November 2014, July 2019

I. Introduction

A large volume of Data is stored on Systems (as each such term is defined in the Columbia University Information Security Charter (the “Charter”) throughout Columbia University. A substantial amount of this Data consists of Sensitive Data or Confidential Data (as each such term is defined in the Charter). Unauthorized disclosure of such Data may expose the University to legal liability. Data sanitization is the deliberate and permanent removal of Data from an Information Resource. This Policy defines the appropriate sanitization and disposal methods to be used.


Capitalized terms used herein without definition are defined in the Charter. 


II. Policy History

The effective date of this Policy is November 1, 2013. This Policy and the other Information Security Policies replace (A) the following University Policies:

  • Data Sanitization and Disposal of Electronic Equipment Policy, dated January 1, 2008, as amended in February 2008
  • Electronic Information Resources Security Policy, dated March 1, 2007 

and (B) the following CUIMC Policy:

  • Information Security: Backup, Device and Media Controls


 III. Policy Text



To see the full text of this policy, please use the link on the right.