Disposal of confidential material
Materials that contain personal or sensitive data (both digital and print versions) must be securely disposed of in accordance with data protection requirements. Universities must process data in compliance with the duty of care principle.
All the units and functions must ensure that their staff know how to appropriately manage documents and files.
For example, personal data that is no longer required may not be retained but must be safely and securely disposed of.
The data lifecycle must be considered when storing data.
Classified and unclassified documents that are no longer needed must be destroyed as soon as possible after they are no longer required. At Tampere University/TAMK, the head of records management, data security coordinator and information security manager provide instructions for classifying and processing data.
The Records Management Unit provides information about the requirements that apply to the on-site archives of the units (such as access control and storage solutions).
The units must provide their staff with a locked room and/or cabinet for the safe storage of documents and data storage devices. In addition, a fireproof cabinet and storage media for backups should be kept in a separate space.
Confidential and restricted information must always be securely disposed of in accordance with the instructions issued by Tampere Universities. You should also destroy your own (working) copies immediately after you no longer need them.
When storing personal data, you must adhere to the requirements set out in the EU’s General Data Protection Regulation (GDPR) and the data protection policy of Tampere Universities. Remember that under the GDPR all personal data must be securely destroyed after it is no longer required. Data must be disposed of in accordance with the instructions provided.
Persons who process data must identify the type of data they process and be familiar with the data security requirements that apply to the processing, storage and disposal of such data.
Classified (identified) data can be divided into the following general categories:
- Public: disclosure would benefit the University.
- Internal: disclosure would not benefit the University.
- Confidential: disclosure would damage the University or its customer, student or employee.
- Restricted: disclosure would seriously damage the University or its customer, student or employee.
Read more about the classification and handling of data: Principles for classifying and handling data
Read more about the categories of personal data:
Read more about storing documents in electronic format: Records preservation
Deleting files from a computer or storage medium (such as a memory stick)
Remove files using the Delete command of your operating system.
Select the file your need to delete and click Delete. As deleted files usually go into the recycle bin, you should empty the recycle bin after deleting files. Follow the same procedure to delete files stored in the cloud; these files will also generally end up in the recycle bin, which is automatically emptied at regular intervals unless you empty the bin first.
Disposing of physical documents
You can destroy paper documents by shredding them if a shredder is available.
Alternatively, you can bring paper documents to the secure confidential waste containers that are spread across the campuses.
With questions about the disposal of confidential papers, please contact:
Facilities Management (waste containers and services): tila-helpdesk [at] tuni.fi.
Records Management (document disposal): tau [at] tuni.fi or tamk [at] tuni.fi.
Disposing of data-bearing devices
Place memory sticks and other media that must be securely disposed of in the designated secure electronic waste containers.
Deliver old phones to the IT Helpdesk (or to Campusta on the city centre campus and in the Arvo building).
Disposing of obsolete computers and peripherals
Bring obsolete computers and peripherals to the IT Helpdesk, which sends them to an external contractor to be scrapped and recycled.
Tampere Universities have outsourced the secure disposal of used computers and peripherals to a reliable external service provider. Redundant devices are placed in sealed containers to wait for transportation on campus. The devices are transported by a licensed and vetted carrier and handled in a locked and supervised disposal facility by screened and vetted personnel.
External service provider manages the scrapping and recycling of obsolete devices
Recycled computers are overwritten multiple times. Scrapped computers are crushed. Tampere Universities receive regular reports detailing the security measures performed on disposed equipment.