Privacy Matters
Private Personal Information: Protect It!
Working With It? Secure It!
Done With It? Delete It!
Already Read It? Shred It!
Done with It? Destroy It!

DON'T NEED IT? DELETE IT!

Don't Need It? Delete It!

Best Practices for Deleting Electronic PPI

The University has established procedures for retaining permanent records that include private, personal information (PPI) for employees, students, patients, etc. As a member of the University community, you may have access to this data and may find it necessary to make copies of these records to use in other applications. It is critical to establish procedures and practices for purging or archiving data, taking into account that requirements are established for maintaining, preserving, securing and accessing historical data.

Disposing of PPI

  • Minimize what needs to be deleted by carefully collecting only the information you need. Confirm that each piece of data serves a defined, legitimate and current institutional purpose. Produce the fewest number of copies necessary.
  • Redact fields that include information extraneous to the defined purpose at hand.
  • Promptly and properly dispose of files containing PPI from your computer hard drive when no longer needed.
  • Be mindful of the information collected in auxiliary databases or shadow systems and delete or disable these systems when no longer in use.
  • Be aware of regulations (such as HIPAA and GLBA) that are relevant to the collection and protection of PPI and how they pertain to your unit.

To securely delete information in a Windows environment:

To securely delete information on a Mac:

  • Use "Secure Empty Trash" command.
  • File shredder software such as ShredIt is also available

As a member of the University community, you may have access to private, personal information (PPI) for employees, students, patients, etc. It is essential that this PPI is protected.