Disposal of Detroit Mercy Protected & Detroit Mercy Sensitive Data Policy

Scope:

This policy covers the disposal of all Detroit Mercy Protected data and all Detroit Mercy Sensitive data, regardless of the storage medium. 

Purpose:

The purpose of this policy is to provide departments and users with the standards for disposing of Detroit Mercy Protected data and with options for disposing of Detroit Mercy Sensitive data.

Policy:

Detroit Mercy Protected data paper documents

All Detroit Mercy Protected data that exists in paper document form must be disposed of by shredding. All documents should be dropped off in designated containers that will be shredded by a licensed and bonded document destruction company. If a department does not have access to designated shredding containers, the department head or their designee shall contact Purchasing to arrange for shredding services or to purchase an individual shredder that meets or exceeds the Shredder Standards set in the appendix.

Detroit Mercy Sensitive data paper documents

The method of disposal for Detroit Mercy Sensitive data that exists in paper document form is left up to the department that produced those documents. They can either opt either to use the shredding option that is used in the department for Detroit Mercy Protected data in paper document form, or they can choose to take no additional steps in disposing of the documents, disposing of them the same way they dispose of Detroit Mercy Public data that exists in paper document form.

Detroit Mercy Protected data electronic documents

All media containing Detroit Mercy Protected data in electronic document form should be sent to the University Information Security Office (UISO) for secure deletion. UISO will delete the Detroit Mercy Protected data from the media in accordance with the current ITS Secure Deletion Procedure.  Any media which cannot be processed according to this standard will be destroyed by UISO.

Detroit Mercy Sensitive data electronic documents

The method of disposal for Detroit Mercy Sensitive data in electronic document form is left up to the department that produced those documents. They can either opt to use the secure deletion option that is used for Detroit Mercy Protected electronic documents, or they can choose to dispose of them through the same method used by the department to dispose of Detroit Mercy Public data in electronic document form.

Detroit Mercy Protected data documents taken outside of Detroit Mercy

Any paper or electronic documents containing Detroit Mercy Protected data that are taken outside of Detroit Mercy by employees, student employees, consultants, or agents of the University of Detroit Mercy must be returned to Detroit Mercy for proper disposal as outlined above.  Any paper or electronic documents containing Detroit Mercy Protected data that are taken outside of Detroit Mercy by parties who are contractually bound to handle data produced by Detroit Mercy must dispose of paper documents through a bonded and licensed document destruction company, electronic documents through a method that meets or exceeds the standards in the ITS Secure Deletion Procedure, or return the documents to Detroit Mercy for proper destruction as outlined above.

Detroit Mercy Sensitive data documents taken outside of Detroit Mercy

Any paper or electronic documents containing Detroit Mercy Sensitive data that are taken outside of Detroit Mercy by employees, student employees, consultants, or agents of the University of Detroit Mercy should be disposed of in a manner consistent with the originating department’s method of disposing of paper documents containing Detroit Mercy Sensitive data or returned to the department for proper disposal. Any paper or electronic documents containing Detroit Mercy Sensitive data that are taken outside of Detroit Mercy by parties who are contractually bound to handle data produced by Detroit Mercy must dispose of paper documents through a bonded and licensed document destruction company, electronic documents through a method that meets or exceeds the standards in the ITS Secure Deletion Procedure, or return the documents to Detroit Mercy for proper destruction as outlined above.

Questions about this policy

If you have questions about this policy, please contact the ITS at its@udmercy.edu.  

Policy adherence:

Failure to follow this policy can result in disciplinary action as provided in the Student Handbook and Employee Policies & Procedures. Disciplinary action for not following this policy may include termination, as provided in the applicable handbook or employment guide.

Exceptions:

Exceptions to this policy will be handled in accordance with the Acceptable Use & Security Policy.

Appendix

Shredder Standards

All shredders used to dispose of Detroit Mercy Protected data must meet the following standards:

  1. Type of cut - All shredders should be cross-cut or confetti-cut shredders.  Strip-cut shredders are not permitted.
  1. Size of cut - All shredders should produce shreds that are no larger than 5/32" by 1." Shredders that produce larger shreds are not permitted.

Large amounts of paper documents

Departments that will be shredding large amounts of paper documents, either on a one-time basis or on an ongoing basis, should use the University's contracted shredding service instead of individual shredders located within Detroit Mercy departments.

Bonded shredding service

Detroit Mercy uses a contracted 3rd party to provide bonded shredding services. Departments wishing to employ their services should contact the Purchasing department.

ITS Information Security team contact information

For any questions regarding the ITS Secure Deletion Procedure or to arrange to have devices picked up for secure deletion, contact the Help Desk at helpdesk@udmercy.edu.

Policies referenced

History:

  • June 1, 2021: Initial Policy