Purpose:
When you need to delete data, it is important to do so securely and accountably, reducing the risk of mistakes and ensuring there is evidence that the deletion has been completed.
1. Check any contractual or legal requirements
Before deleting, ensure there are no contracts, agreements, or legal obligations that require specific deletion procedures beyond standard practice.
2. Obtain authorisation
The Information Asset Owner (IAO)—usually the Principal Investigator (PI)—must authorise deletion.
An email from the IAO is usually sufficient and should clearly state:
Which data to delete
Its location(s)
Explicit authority to delete the data
3. Delete the data securely
Different systems have different deletion methods. Simply deleting files and emptying the bin does not remove the underlying data.
Seek advice from the team managing the system to ensure the data is irretrievably deleted.
Record the deletion process, including time and date.
If possible, have a witness verify that:
The correct authorisation is in place
The correct steps have been followed
The deletion is complete
4. Keep a record
Provide the deletion record to the IAO and retain it as proof of deletion.
For guidance on record retention, see the UCL Records Office Retention Schedule.
5. Additional guidance
For more detailed information on secure data deletion, visit: UCL Data Deletion Policy.
