State Electronic Media Cleaning Guidelines
Arkansas state government holds some of the most sensitive information collected about individuals and businesses related to child protection, domestic abuse, foster care, welfare, trade secrets, law enforcement, health, earnings, social security numbers, credit card numbers and home addresses. Currently, sensitive information held by Arkansas state government in electronic form can be found on laptops, thumb drives, PDAs (personal digital assistants), backup tapes, emails and other electronic media. Agencies, boards and commissions must remove all data and software from electronic media prior to recycling or disposal of state electronic media. The State Cybersecurity Office recommends that agencies follow the federal standards for media sanitization.
NIST Special Publication 800-88: Guidelines for Media Sanitization
The federal government classifies information according to the Standards for Security Categorization of Federal Information and Information Systems. Arkansas state government follows the Arkansas Data and System Security Classification Guidelines.
Arkansas Data and System Security Classification Guidelines
Accompanying guidelines exist for organizations to classify information and systems.
When agencies are determining where to send used equipment, the Arkansas Computer and Electronic Solid Waste Management Act (Arkansas Code § 25-34-101 through 111) must be followed. The Act directs agencies to create policies that mandate that all hard drives of surplus computer equipment be degaussed, cleared of all data and software, and be otherwise prepared for sale within ninety (90) days after replacement. Degauss is defined in the law as the complete removal of information from the hard drive of a computer. The following link provides guidance for the development of agency policy for computer disposal.
Creating a Policy for the Management and Sale of Agency Surplus Computer Equipment