This content is viewable by Everyone

News

Destroy to Defend: The Hidden Power of Secure Disposal in Safeguarding Information

Save

The link to the IT Security Awareness Quiz is at the end of the article. Complete the quiz for an entry in a drawing for one of five $50 Amazon gift cards. 

Secure disposal is the process of rendering data, whether paper or electronic, unreadable by any means. This includes data, i.e., any UCSF Institutional Data, in all formats on any media (paper, mobile devices, databases, servers, laptops, etc.)  Although data breaches caused by improper disposal of information have been trending down in recent years, improper disposal continues to impact the healthcare and higher education sectors.   

Large-scale data breaches that make it into the news are only one type of data loss.  Consider the privacy impact if personal, healthcare, or financial data were not properly removed from devices that are discarded, leased-and-returned, disposed, retired, sold, or donated.  Not only privacy impact, but regulatory compliance is also at risk. 

At home, office & clinical locations, we are responsible for properly disposing of all forms of UCSF data at the end of its useful life according to the UC Records Retention Schedule. 

This is a necessary practice in staying compliant with applicable state, federal, and global data privacy regulations, including the California Privacy Rights Act (CPRA), which has adopted data minimization requirements in effect since January 1, 2023. 

Here is some helpful information to ensure you securely dispose of UCSF and your personal data. 

Secure disposal of paper media 

  • Use secure disposal bins. Your department manager can order one through BearBuy if you do not have a bin. UCOP is currently recommending Iron Mountain.  However, there are other shredding companies approved in Bear Buy, so please use the most appropriate one for your department.
  • The contact at Iron Mountain is: 

                                                             Sheila Poggi, Director, Public Sector Contracts 

                                                             [email protected] 

                                                             202-503-9806 

                                                             CalUsource #2018.000666 

  • If you cannot access a secure disposal bin, use a cross-cut shredder from a reputable company. They are available at most office supply stores. Documents shredded in cheap shredders can often be reconstructed. If you are working from home, you may need to ask your supervisor about purchasing one for home use.  

Secure disposal of electronic media 

Request help from the IT Service Desk or call 415-514-4100. IT will collect and arrange for the destruction of any electronic media (hard drives, CDs, tapes, etc.) that contain sensitive or restricted data, including PII (personally identifiable information) and PHI (patient health information). This service is free. 

Improper disposal of paper and electronic media 

It can have severe consequences. These include: 

  • Security breaches 
  • Significant fines and penalties for UCSF 
  • Harm to UCSF's reputation 
  • Personal liability for a security breach 
     

Additional tips 

Here are some additional tips to ensure you securely dispose of media: 

  • Never try to destroy your electronic media or devices yourself, as your method may not do so properly or render your data unrecoverable. 
  • Never dispose of paper with sensitive or restricted data (e.g., patient information, personal information, HR data, financial data) into regular trash or recycle bins. 
  • Always use secure disposal bins for paper media, including sensitive or restricted information. 
  • Use the UCSF IT secure disposal service for electronic data and devices.

Take the quiz on proper data disposal. The prize for passing the quiz is one entry in a drawing for one of five $50 Amazon gift cards. 

Additional Information 

For additional information, please visit: 

Related Information