Protecting Sensitive Information
Best practices for information security involve protecting both physical and electronic confidential information.
Examples of confidential information include, but are not limited to, the following:
- Social security numbers (SSN)
- Date of birth
- Motorist identification number
- Credit card numbers
- Bank account numbers
- Medical information
- Educational records
- Biometric data
- Usernames and passwords
- Information (including directory information) made confidential by written request.
Protecting printed confidential information
- Don't leave documents unattended and in plain site.
- Keep confidential documents under lock and key.
- Do not send confidential information through campus mail. Hand deliver in a sealed envelope marked confidential.
- Archive documents not in use but still requiring retention and mark them with an expiration date and destroy when expired.
- Destroy (shred) documents no longer needed.
- Securely store documents to be shredded. Do not use a "to be shredded" box in plain site.
- When feasible, move toward electronic copies of paper documents.
- Be knowledgeable of record retention policies. Destroy records no longer needed.
Protecting electronic confidential information
- Do not store confidential information on your individual computer or portable devices such as a USB key or CD. Store these files on the server. Storing Social Security numbers, bank account numbers, and credit card numbers on your individual computer or portable device violates college policy.
- Do not enter confidential information into a non-secure electronic form (e.g. Google forms)
- Password protect files containing confidential information.
- Do not email confidential information.
- Delete files containing confidential information when no longer needed.
- Use controlled access server space to share confidential files between personnel and offices.
- Be knowledgeable of record retention policies. Destroy records no longer needed.