Skip Navigation
small NCES header image
Forum Guide to Protecting the Privacy of Student Information: State and Local Education Agencies

4.F. Data Disposal

Retaining data beyond its useful life exposes an agency to unnecessary privacy risks. The written policies of records maintenance should include detailed procedures for records retention and disposal, as determined by an agency’s needs and legal requirements. Inappropriate disposal methods also threaten the privacy of the records. For example, records should not simply be erased or media reformatted. They should be overwritten with random binary codes. In addition, when an agency upgrades its networks and systems, data contained in the original systems could be exposed if the tapes, disks, and hard drives are not cleaned properly. Even if a vendor replaces a hard drive, the old one must be returned so it can be checked to ensure that it was properly cleaned.

Would you like to help us improve our products and website by taking a short survey?

YES, I would like to take the survey


No Thanks

The survey consists of a few short questions and takes less than one minute to complete.
National Center for Education Statistics -
U.S. Department of Education