Each agency must determine if hardware/media contains any sensitive data prior to disposal (scrap, destroy, transfer or rental/lease return). If hardware/media contains sensitive data, one of the following methods must be used prior to disposal.
A. Physical Destruction This is the primary method that should be used for the disposal of data storage devices containing sensitive data. The intent is to completely destroy the data storage device beyond any possibility of data recovery.
1. The agency should perform a complete and permanent elimination of data on the data storage device.2. Physical destruction of data storage devices is performed by shredding, disintegrating, incinerating, pulverizing, and melting the data storage device3. If a third party is contracted for the disposal of the data storage device, a certificate of destruction must be obtained.B. Overwriting This method should be used in cases of exception when physical destruction of data storage devices is not reasonable or is prohibitive.
1. Agencies may sanitize magnetic media (i.e. hard disk) by an overwriting process, whereby a software utility writes a combination of characters (usually 0s and 1s) over each location on the data storage device multiple times.2. This process obscures the previous information, rendering the data unreadable. Agencies must overwrite the device a minimum of three times prior to disposal.3. To verify the overwriting process, agencies should attempt to recover the data by one or more commercially available "data recovery utilities".4. Simply erasing and reformatting a data storage device is not a permissible method of sanitizing a data storage device before disposal. Miss. Code Ann. § 25-53-1 to § 25-53-25