OAR 166-017-0090
Records Destruction Requirements for Electronic Records
(1)
Electronic records which are confidential by law and negotiable instruments (even when cancelled or satisfied in writing) and records that contain sensitive, proprietary, or security information must be destroyed so that the image and confidential metadata are irreversibly non-retrievable, either through electronic or physical destruction as specified below:(a)
Electronic records stored on magnetic media must be degaussed or “bulk erased” and then irreversibly reformatted to ensure the data/information cannot be retrieved.(b)
Electronic records held on optical media may be destroyed by cutting, crushing, shredding, or other physical means of destruction. Rewritable optical disks must be irreversibly reformatted before being disposed of or re-used.(c)
Electronic records stored on hard drives or flash drives of personal computers and servers must be irreversibly reformatted before computers are disposed of. If the agency is unable to determine whether a hard drive or flash drive has been irreversibly reformatted, it must be physically destroyed.(d)
For additional guidance on data sanitation and destruction, refer to NIST SP 800-88, Guidelines for Media Sanitization and DoD 5220.22-M.(2)
Expungement of digital images stored on WORM optical media must conform to the Expungement of Information Recorded on Optical Write-Once-Read-Many (WORM) Systems (TR28-1991) which is incorporated by reference and is available from Association of Information and Image Management, 1100 Wayne Avenue, Suite 1100, Silver Spring, MD 20910 or the State Archives.
Source:
Rule 166-017-0090 — Records Destruction Requirements for Electronic Records, https://secure.sos.state.or.us/oard/view.action?ruleNumber=166-017-0090
.