This policy is designed to ensure that members of the University community dispose of (or transfer) Brown-owned electronic equipment properly and in accordance with government standards and regulations. The purpose of this policy is to define the standards for transferring or disposing of electronic devices that are generally used for electronic storage or transfer of information, accounting for both the devices' capacity to store sensitive information and the hardware's many components that are considered hazardous waste. These standards are designed to minimize the potential exposure to Brown University and our community from damages that could result if equipment is not disposed of properly.
This policy applies to all members of the Brown University community who transfer or dispose of electronic devices including computers, keyboards, monitors, copiers, scanners, fax machines, printers and other peripheral devices. The policy applies to university-owned electronic equipment (including those devices purchased with grant funds).
3.1 Appropriate Methods for Transfer or Disposal
Equipment must be transferred or destroyed using the Declaration and Recycling of Surplus Computer and Related Equipment Form referenced on the Disposition of Brown University Surplus Property page. Each department is responsible for ensuring that equipment leaves the department following proper protocol, as outlined in the above document. Equipment capable of storing data must be "sanitized" before it is transferred to another user (inside or outside of Brown).
For transfers within or between departments of equipment that can store data, the transferring department is responsible for the sanitization of equipment as outlined in CIS's recommendations for data removal. For the purpose of this policy, sanitization refers to data purged or erased utilizing at least a three-pass binary overwrite method. For equipment that cannot be sanitized via this method, all data must be deleted or the device reset to factory defaults (e.g., some cell phones).
The security and responsibility of the equipment remains with the department until the equipment is picked up for disposition.
While it is recommended that equipment leaving the department for disposal undergo a general data purge, a designated vendor will be responsible for the thorough destruction of data to prevent it ever being recovered by an unauthorized party.
3.2 Responsibility for Transfer or Disposal
Every piece of electronic computing equipment at Brown has an associated owner who is either the end user or the Departmental Computing Coordinator.
Owners are responsible for ensuring that when they dispose of their electronic equipment, they follow the relevant standards set in this policy. Donations require additional paperwork, available from the Purchasing web site. Some departments may assign the responsibility for transfer or disposal of electronic equipment to the Departmental Computing Coordinator or the Departmental Systems Administrator.
Violations of environmental laws are to be handled by the Department of Environmental Health and Safety, in concert with Human Resources, Campus Life or other disciplinary bodies at the University, dependent upon the situation. Violations of Information Security requirements are to be handled through the same disciplinary channels, with support from the Chief Information Security Officer.
4.0 Related Policies and Links
Questions or comments to: ITPolicy@brown.edu
Interim Effective Date: July 22, 2004
Final Version Date: March 8, 2005
Last Reviewed: March, 2014
Next Scheduled Review: March, 2016