Tamara, I recommend that you keep your authorization process the same for
paper and electronic records to maintain consistency:  what is to be
destroyed, name of person authorizing the destruction, date of destruction;
and, name of person completing the destruction and acknowledgement that the
required procedure was followed.  The actual process of destruction will
differ for various media/format types, and those processes should be
documented in a procedure for records destruction.   You could include a
copy of the authorized procedure for a signature of the person
acknowledging the procedure used for each destruction process.

The level of destruction is an interesting question.  Destruction should
mean the elimination of any part of the record being discovered and made
readable by any possible means.  That is why most paper destruction uses
the cross cut procedure because it is known that it is possible to recreate
a document from strip shredding.  So your question to the IT department is
what method will eliminate the possibility of any forensic professional
discovering and/or accessing the data.  Remember hitting the Delete button
does not equal destruction.  If it is your name/address/social security
number in the system what process will guarantee a complete "destruction"
of the data?
Good luck,​

Mary

Mary W. Haider, MBA, CRM
Records & Information Manager and Consultant
[log in to unmask]
865-983-1371

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]