Whose data are you protecting?
Prospective Students Prospective Employees
Current Students Current Employees
Past Students Past Employees
Alumni Continuing Education Students
Do you fall into one of these categories? If you do, then you’re protecting your own data!
What information is sensitive?
Any data protected by FERPA, HIPPA, or any other legislated act. Here are some examples (this is not the entire list of data that is considered sensitive).
The Big Three
• Social Security Number
• Birth Date
• Degree data
• Registration (including transcript data)
• All Financial Aid data
• Mother’s maiden name
• Bank ISO and credit card numbers
• Health history
• Giving history
• Veteran Status
• Leave information
• Medical or health insurance
• Disciplinary information
• Performance evaluations
Sensitive Data Rules
- Store Social Security Numbers, birth dates and/or credit card numbers on your computer
- Store sensitive student or employee data, especially social security numbers and birth dates, on any department computers (servers, desktops, laptops), PDAs, CDs, or USB drives.
- Email files containing sensitive data
- Request Social Security Number and/or birth date on web forms unless authorized by a data custodian and transmitted on a secure web connection approved by the University Security Administrator
- Assign students or student employees query or download ability to sensitive data files
- Share your ID and password
- Authorize your staff to access sensitive data unless it’s absolutely required
- Provide sensitive data to another staff member
- Store sensitive data on the IS&T provided network server
- Password protect files in those rare instances when they must be emailed (no Social Security Numbers and/or birth dates)
- Become authorized and knowledgeable on how to obtain sensitive data from the system
Use the following chart as a quick guide for information storage:
|Classification||-on site-||-on site-||-cloud-||-cloud-||-cloud-|