Trending

BROWSE ALL TOPICS

Reduce PII Loss by Proper Disposal/Sanitization of Unclass Equipment

By DON CIO Privacy Team - Published, February 1, 2009

Privacy TipDuring the past year, the Department of the Navy has experienced problems relating to turning in excess information technology and office equipment that contain personally identifiable information (PII).

Disposed equipment most commonly found to contain PII includes: office desks, safes, file cabinets, copiers and computer hard drives. Recent audits by the Department of Defense Inspector General and the Naval Audit Service confirm that DON turn-in procedures have not been consistently followed, are inadequate or are out of date. While much of the turn-in process involves the Defense Reutilization Office (DRMO), Navy Marine Corps Intranet (NMCI) or other DON network owners, the local command or unit is responsible for information security, physical security and property accountability for all excess unclassified equipment awaiting sanitization, shipment to DRMO or release to another DoD component or donation activity.

The following is a list of lessons learned that should be considered by local commands or units when preparing equipment for disposal.

  • Use DRMS INST 4160.14, dated May 12, 2008, which provides guidance on the turn-in of excess equipment to DRMO.
  • Remove all drawers in desks and file cabinets to ensure stray documents are removed.
  • Ensure all lockable drawers or cabinets are open for inspection.
  • Refer to ASD Memo “Disposition of Unclassified DoD Computer Hard Drives,” dated June 4, 2001, which provides specific instructions on how to dispose of hard drives in the DoD.
  • Use NSA approved sanitization equipment to properly overwrite and degauss excess unclassified hard drives.
  • Ensure copier hard drives have been properly overwritten and degaussed.
  • Develop written policies and procedures to clearly define local command/unit roles and responsibilities.
  • Provide training for all personnel on how to accurately prepare and process excess unclassified IT equipment before forwarding to DRMO.
  • Use the web-based Electronic Turn-in Document (ETID) system for all equipment bound for DRMO.
  • Ensure verification labels are placed on all hard drives that have been degaussed and overwritten.
  • Keep accurate destruction and turn-in records for a minimum of five years.
For questions regarding privacy, contact Steve Muck, DON CIO Privacy Team lead, steven.muck@navy.mil.

TAGS: Cybersecurity, IDManagement, Privacy

Related Policy
Improving Critical Infrastructure Cybersecurity
Processing of Electronic Storage Media for Disposal
Reduction of SSN Use Within DoD
PKI Interoperability with FVEY Partner Nations on the NIPRNet
DON Public Affairs Policy and Regulations
Related News
DON IT West and East 2017 Conference Registration Now Open
Nominations for DON IM/IT Excellence Awards Due Dec. 5
DON CIO Awards Recognize Information Management and Information Technology Excellence
DON IT Conference Presentations Available
DON CIO Congratulates 2016 DON IM/IT Award Winners
Related CHIPS Magazine
Tech Support Companies Using Deceptive Pop-Up Ads to Scare Consumers into Purchasing Unneeded Service
Creating a Smart, Skilled Cybersecurity Workforce
Factsheet: National Background Investigations Bureau
DISA Announces Video Series for the National Background Investigation System
Senior Officials: DoD Supports Strong Encryption for Defense, Commercial Security
Related Resources
Personally Identifiable Information Posters
2014 PII Brief
Privacy Act System of Records Notices
DON Users Guide to Personally Identifiable Information
Inventory of DON Systems With Completed Privacy Impact Assessments
Related Industry News
New Pentagon Website Can Tell If You Were Hacked by China
Nextgov 
America Needs To Stay the Course on GPS Security
Space News 
5 Ways to Spot a Coerced Insider Threat
Nextgov 
For Today's Government Data Security, Trust no one
Government Computer News 
OPM Security Chief: You're Gonna Need a Bigger Boat
Federal Computer Week 

DON CIO Information

Online Services & Community