Take home message: It is acceptable to destroy documents provided there is no obligation to preserve them; and in some cases, U-M is obliged to destroy or delete information (including under contracts). If in doubt about whether something can (or should) be destroyed, it is always best to ask University Archives and Records or the Office of the General Counsel for guidance before destroying the document. U-M units are required to securely delete institutional data on devices and storage media declared as surplus.
- For information about the circumstances in which records must be retained and/or preserved, see our University Records compliance page and Preservation compliance page.
- Where there is no obligation to preserve documents, it is generally acceptable to destroy documents. If in doubt, it is always best to ask University Archives and Records or the Office of the General Counsel for guidance before destroying documents – or, for special types of records such as grant files, personnel files etc, contact the offices that manage those records (as outlined on our Preservation page).
- Secure deletion or destruction of data on devices no longer needed protects U-M and individuals from unauthorized disclosures or breaches of institutional and personal data.
- Electronic Data Disposal and Media Sanitization (Data Security-DS-11) requires all institutional data to be permanently erased from any U-M owned electronic device (e.g., computer laptop) or storage media (e.g., external hard drive) prior to transfer within the university or other disposition. U-M Property Disposition has sole responsibility for the disposition of university-owned property, per Acquisition, Use and Disposition of Property (SPG 520.01). Units, departments, or individuals with U-M owned devices must either a) sanitize the devices using the procedure and method described in Securely Dispose of U-M Data and Devices, or b) have Property Disposition do the sanitizing and be charged for their sanitization service. Paper records with sensitive university information that no longer need to be retained should be shredded.
- Sometimes, U-M is obligated by regulation to destroy or delete information – In addition to being a widely accepted security and privacy practice, effective media sanitization is required by some regulations that the university is obligated to follow, including HIPAA, GLBA, and ITAR and EAR (export control), as well as by government-funded research grants or contracts. Some contracts may require the destruction or return of information, data or equipment once a project has been completed.
- The University creates a great deal of historical records which need to be retained for future reference and future generations and made accessible for their historical and administrative value. See the University Archives and Records Program website and our Preservation compliance page for more information.
- However, the University also creates a lot of records with no enduring historical value, and no legal or fiscal significance. Given the sheer quantity of records that the University creates, it is not only acceptable but desirable to periodically dispose of records that have no value in being retained.
- When disposing of records that contain personal, private or sensitive information, be sure to follow the guidance on the Safe Computing website – erase personal devices before disposal – about how to properly and completely destroy that information, and avoid possible privacy breaches.
For assistance with issues related to the management and disposition of University records, please contact the Records Management Program by emailing them at U-M records.
For assistance with privacy issues, and destroying sensitive information appropriately, you can find contacts on our separate Privacy & Confidentiality page.
Established 3/4/11, last updated 7/19/18 – Contact us if you believe any information is incorrect or outdated