Destruction

Destroying records at the end of their retention period reduces the cost of storage, improves efficiency, demonstrates​​​​​ compliance with MIT policies and retention laws and regulations, and minimizes the Institute’s exposure to risks associated with over-retention – including data breaches.

• Medium and high risk information must be securely deleted or shredded, not thrown away or recycled.
  • Use the recycling bin only to dispose of records intended for open distribution at the time of their creation, such as publications.
• Consider creating a spreadsheet or using a destruction documentation form to document the types of records you destroyed, their date range, and the destruction date.
  • Keeping a detailed record of what you destroy provides evidence of consistent records management in the event of an audit or investigation.
• Do not destroy records that are currently part of – or that you are aware are going to be part of – any legal action or proceeding, litigation, audit, investigation, or review.
  • Any documents – including email – covered by a preservation request must remain accessible until further notice from the Office of the General Counsel.

Digital destruction

See IS&T’s resource Removing Sensitive Data.

Physical destruction (paper and media)

For regular shredding – or one-time shredding of large volumes of paper and media – we strongly recommend using Shred-it, MIT’s preferred vendor. For more information, see IS&T’s resource: How do I shred sensitive data files?

For occasional shredding of small volumes of paper, an IS&T-approved cross-cut shredder may be sufficient.

Destruction of records stored at Iron Mountain

If your office stores non-permanent records offsite, contact us at rmprogram@mit.edu to generate a list of boxes that have reached their destruction dates. The Records Management Program will work with your Records Management Liaison to approve and facilitate shredding.