Deletion of data includes the disposal of electronic and physical media, as well as electronic files. Once a data point is collected, it is very hard to delete it from existence. User data can even be exposed by not properly disposing of electronic equipment. There have been cases where sensitive information has been pulled from discarded copy machine’s hard drives! Along with proper electronic equipment disposal, make shredding a regular part of your library’s healthy privacy practices. Any paper that includes a user’s PII (including email) should be shredded.
Have a shredding party! Schedule a time for staff to bring paper documents containing user data to shred at their location (staff should not travel with documents containing PII). If the library does not have access to a shredder, there are companies that will shred for a fee.
Hard drives or disks no longer in use should be destroyed. If there are plans to reuse a drive that contained user data, ask the IT department to help wipe it before use.