Before disposing of any device or media, you should take steps to make sure you have removed all personal and other sensitive data from it. Vulnerable data that might be stolen from a device could include your bank or investment account number and password, your credit card numbers, information in databases, spreadsheets, tax software, and data from research projects.
If you use your personally owned devices to access or work with sensitive U-M data, you are expected to
- Secure them in compliance with Security of Personally Owned Devices That Access or Maintain Sensitive Institutional Data (SPG 601.33). For guidance, see Your Responsibilities for Protecting Sensitive Data When Using Your Own Devices.
- Erase them and/or delete U-M data when transferring or disposing of them. See Erase Personal Devices Used for U-M Work below for details.
Do It Yourself
See these how-to instructions for securely deleting data from university or personally owned computing devices and storage media.
- Securely Erase a Hard Drive with @ActiveKillDisk (Windows, Mac, Unix/Linux)
- iOS: Restore your iPhone, iPad, or iPod to factory settings (Apple)
- Android: See item: Before You Sell or Give Away Your Device… in the Management section of Secure Your Android Device
- Chromebook: Use Powerwash to erase your device. See: Before You Sell or Give Away… in the Management section of Secure Your Google Chromebook
Have Tech Repair Do It for You
ITS Tech Repair at the Tech Shop offers Secure Device Sanitization services for individuals and U-M departments, as well as assistance moving data to a new device if needed.
Securely Delete Files from Computers
Physical Destruction of Devices or Media for Secure Disposal
When devices or drives are inoperable, it may be necessary to destroy them to ensure secure disposal. Destruction may also be required by some laws or regulations governing certain types of data. See Destroy Devices and Media for instructions.
Erase Personal Devices Used for U-M Work
If you use a personal device to access or work with U-M systems and/or data—whether you received a U-M stipend for it or not—you must properly delete U-M files and data and securely erase the device at end-of-life or before transfer. This reduces the risk of unauthorized disclosure of sensitive institutional data or personal information.
Security of Personally Owned Devices That Access or Maintain Sensitive Institutional Data (SPG 601.33) has a provision that states:
Data Return/Deletion: Users shall return or delete sensitive institutional data maintained on personally owned devices upon request from the University or when their role or employment status changes such that they are no longer an authorized user of that data.
If you are a U-M employee in a department that permit accessing sensitive U-M data on personal devices, delete U-M data or erase devices as appropriate:
- If keeping a device after transferring to a different U-M unit or leaving U-M entirely. With the support from your unit's IT staff, remove or delete U-M data, documents, databases, and licensed software specific to your unit by selective deletion rather than resetting to factory default.
- If disposing of a device.
- Transfer or back up personal files, data, photos, and so on to new location if not already saved to cloud storage.
- Follow the steps under Erase Computers and Mobile Devices above.
Michigan Medicine faculty, staff, and students with personal devices enrolled in Mobile Device Management should immediately report lost or stolen devices via the Michigan Medicine Help Center (help.med.umich.edu) by submitting a ticket.
Members of the Michigan Medicine community who are preparing a personal device for resale, transfer, or recycling should un-enroll their devices from Mobile Device Management.