Page Comparison

Purpose

Part of proper data and device (asset) management is the secure deletion (sanitization) and destruction of data when it is no longer required for a project and not suitable for preservation or subject to retention or archiving requirements. 

Audience

Initial considerations

• Should my data be preserved or archived, rather than deleted?

On this page

Initial considerations

Data retention; preservation or archiving.

• Increasingly, there are legal, regulatory, and policy-based obligations or academic and public value to the long-term storage of data produced at the University.

Administrative data

• https://utarms.library.utoronto.ca/records-management/uoftfileplan

Research data

• https://onesearch.library.utoronto.ca/researchdata/retention-and-preservation

• What is the classification of the data stored on the device? https://security.utoronto.ca/framework/standards/data-classification/

\uD83D\uDCD8 What can I do?

Consult ethics protocols and other agreements.

• Is your data or your obligation to securely delete it covered by other binding documents or contracts?

Human ethics or animal use protocol.

• Ethics/use protocols will need to specify for how long your data is to be retained, if it will be deposited into a long-term solution, and how it will be securely deleted.

• If you are unsure about your obligations, please contact the relevant ethics unit.

  • https://research.utoronto.ca/ethics-human-research/ethics-human-research

  • https://research.utoronto.ca/ethics-animal-research-teaching/ethics-animal-research-teaching

Agreements (Data sharing [DSA], material sharing [MTA], etc.)

• Research contracts and agreements can include language around how data can be retained or how it should be deleted upon the conclusion of the contract, agreement, or project.

• Contact the relevant contract and agreements office regarding sponsor or data provider requirements.

  • https://research.utoronto.ca/research-innovation-agreements/research-innovation-agreements

Determine your data's classification.

• Classifying your data is the first step to knowing what methods are required to properly delete or destroy it.

  • Classify data

What can I do?

For confidential, sensitive, restricted, or regulated data (Level 3 or 4)

Windows

• Delete a file

  • https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete

  • https://eraser.heidi.ie/  

• Sanitize a device

  • See Cross-platform options. 

MacOS

• Delete a file

  • https://ss64.com/osx/srm.html

• Sanitize a device

  • https://support.apple.com/en-ca/guide/disk-utility/dskutl14079/mac

    • Choose “most secure” under “security options”

Linux

• Delete a file

  • https://man7.org/linux/man-pages/man1/shred.1.html

• Sanitize a device

  • https://man7.org/linux/man-pages/man1/shred.1.html

Cross-platform

• Sanitize a device

  • Your motherboard or drive manufacturer might provide a proprietary sanitization utility.

  • https://partedmagic.com/

  • https://dban.org/  

Cloud services

• Contact provider regarding secure data deletion pipeline.

Physical data

• Commercial shredding.

  • Ensure that you receive a Certificate of Destruction for your records

• • .

  • Contact your local IT group for recommendations.

    • https://handbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/Contact+us#Information-Technology-(IT)

For non-sensitive, non-public data (Level 2)

Windows

• Delete a file

  • https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete

• Delete all data from a device

  • https://support.microsoft.com/en-us/windows/create-and-format-a-hard-disk-partition-bbb8e185-1bda-ecd1-3465-c9728f7d7d2e

    • Do not perform a “quick format”.

MacOS

• Delete a file

  • Delete file and empty Trash .

• Delete all data from a device

  • https://support.apple.com/en-ca/guide/disk-utility/dskutl14079/mac

    • Do not select “fastest” under “security options”.

Linux

• Delete a file

  • https://man7.org/linux/man-pages/man1/shred.1.html

• Delete all data from a device

  • https://man7.org/linux/man-pages/man1/shred.1.html

Cloud services

• Contact provider regarding secure data deletion pipeline.

Physical data

• Office or commercial shredding.

For public data (Level 1)

Windows

• Delete a file

  • Delete file and empty Recycle Bin.

• Delete all data from a device

  • https://support.microsoft.com/en-us/windows/create-and-format-a-hard-disk-partition-bbb8e185-1bda-ecd1-3465-c9728f7d7d2e

MacOS

• Delete a file

  • Delete file and empty Trash .

• Delete all data from a device

  • https://support.apple.com/en-ca/guide/disk-utility/dskutl14079/mac

Linux

• Delete a file

  • Delete file

    • https://www.linux.org/docs/man1/rm.html

• Delete all data from a device

  • https://man7.org/linux/man-pages/man8/umount.8.html  and use https://man7.org/linux/man-pages/man8/mkfs.8.html

Cloud services

• Delete file within platform; wait for recovery period to

• expire.

Physical data

• Recycle and/or shred, if appropriate.