Skip to main content

One Step Ahead: Avoid Keeping Data Longer Than Necessary

Another tip in a series provided by the 
Offices of Information Systems & Computing 
and Audit, Compliance & Privacy.

While working with data at Penn is absolutely necessary to our everyday operations and mission, many people retain sensitive data longer than they need to. This is true for paper, computer files and email. Keeping data longer than necessary creates risks both to Penn and to the individuals whose data is being retained. Too often we read in the news about data breaches that involve compromised data that was many years old and kept longer than necessary. 

• Paper Files. Review your paper files containing confidential data and shred them when allowed based on applicable retention schedules (see below). To arrange for shredding, contact the University Records Center at (215) 898-9432. You can have any number of shredding bins placed and picked up based on your office’s needs.

•   Electronic Files (including email!). There are many tools to securely delete your files. Visit http://www.upenn.edu/computing/security/privacy/data_clear.php

• Records Cleanup Day. Spread good practices by hosting your own Records Cleanup Day. For information and tools to help plan a Records Cleanup Day, see http://www.upenn.edu/oacp/privacy/penndata/host-a-records-cleanup-day.html

Before securely disposing of information, make sure that it is no longer needed for teaching, research, service, operations or any other Penn-related function.

You should not shred or delete information that is an original and still within the University’s records retention requirements–please consult Penn’s Records Retention schedules:  http://www.archives.upenn.edu/urc/recrdret/guide1.html 

You should also not destroy any information if there is an actual or likely claim, lawsuit, government investigation, subpoena, summons or other ongoing matter involving such records. 

Finally, if you are disposing of a device or computer that contains Penn data, make sure the data is securely deleted or the device securely destroyed. For more information on securely disposing of computer hard drives see: https://www.isc.upenn.edu/how-to/secure-drive-disposal

________________________________

For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/

Back to Top