The University of Tennessee

Sanitization Information

Objective

The regulations governing the use, transfer, and storage of electronic information are changing. Federal regulations (HIPAA, GLBA, and FERPA) require that guidelines be established to ensure that protected information is securely removed from electronic data storage media, prior to its reuse, transfer, or disposal. The Tennessee state law Chapter Number 473, Senate Bill Number 2220 requires that specific notification activities take place if select unencrypted personally identifiable information is released to the public. These requirements create the need to protect electronic information in all forms, including storage media, from unauthorized access. Therefore, the University of Tennessee must create protection requirements for systems and the associated electronic data storage media that are transferred between departments, including those transferred to the Surplus Property Division.

These requirements establish the responsibility and authority for system owners to protect information deemed by the university to have restricted access. In order to protect this information, proper sanitization of all information technology resources and the associated electronic data storage media is required in the following instances:

  • Any system or associated electronic data storage media that is sent to the Surplus Property Division
  • If the system or associated electronic data storage media that is to be disposed of contains patentable, trade secret, or proprietary research records
  • If the system or associated electronic data storage media was used in an area that handles Health Insurance Portability and Accountability Act (HIPAA) information
  • If the system or associated electronic data storage media was used in an area that handles Gramm-Leach-Bliley Act (GLBA) information
  • If the system or associated electronic data storage media was used in an area that handles Family Educational Rights and Privacy Act (FERPA) information
  • If the system or associated electronic data storage media was used in an area that handles personally identifiable information as defined in state law Chapter Number 473, Senate Bill Number 2220

Systems destined for surplus can be sanitized by the Surplus Sales personnel at no charge to the department. If the system is sanitized by Surplus Sales personnel, then they are responsible for ensuring that all data and software are sanitized prior to a system’s transfer off university property. Appropriate documentation shall be maintained for all systems processed through Surplus Sales.



Documents

Requirements for Sanitizing Electronic Data Storage Media – University of Tennessee, Knoxville Area Campus (Draft)
Procedure for Sanitizing Electronic Data Storage Media – University of Tennessee, Knoxville Area Campus (Draft)