Best Practices for Information Security

Best Practices for Information Security involve protecting both physical and electronic confidential information.

 

Examples of confidential information include, but are not limited to, the following:

  • Social security numbers (SSN)
  • Date of birth
  • Motorist identification number
  • Credit card numbers
  • Bank account numbers
  • Medical information
  • Educational records
  • Information (including directory information) made confidential by written request.

 Protecting printed confidential information

  • Don't leave documents unattended and in plain site.
  • Keep confidential documents under lock and key.
  • Do not send confidential information through campus mail. Hand deliver in a sealed envelope marked confidential.
  • Archive documents not in use but still requiring retention and mark them with an expiration date and destroy when expired.
  • Destroy (shred) documents no longer needed.
  • Securely store documents to be shredded. Do not use a "to be shredded" box in plain site. 
  • When feasible, move toware electronic copies of paper documents.
  • Be knowledgeable of record retention policies. Destroy records no longer needed.

Protecting electronic confidential information

  • Do not store confidential information on your individual computer or portable devices such as a USB key or CD. Store these files on the server. Storing Social Security numbers, bank account numbers, and credit card numbers on your individual computer or portable device violates college policy.
  • Password protect files containing confidential information.
  • Do not email confidential information.
  • Delete files containing confidential information when no longer needed.
  • Use controlled access server space to share confidential files between personnel and offices.
  • Be knowledgeable of record retention policies. Destroy records no longer needed.

 References

Confidential Information Policy 1-005

Social Security Number Policy 1-020

Desktop Security at Geneseo