Written Destruction Procedures
Establishing a written procedure will help to assure everyone involved that the municipality has planned ahead and thought through the entire process of PC/data disposal. The plan should include the method of removing the data from all IT equipment so you can be assured that unencrypted data is not leaving your organization unintentionally. This policy should include a list of equipment that you know has or could potentially contain sensitive information. It could include copiers, fax machines, servers, laptops, smart phones, desktops or basically anything that contains a disk drive (memory) and stores information. You would also want to outline the basic process for each device. For example, you could use the same process for all of the hard disk-based equipment, but you might have to use a different process for a smart phone. Next, you would outline the process you will use to auction or donate the equipment. This could include your method of selecting the receiving entity.