Sensitive Information
Most of us deal with sensitive information on a daily basis whether it's our own personal information or confidential information about staff, faculty, students, donors, or alumni. It is important to consider how we store and access this confidential information to ensure that it is protected.
Policy
Appendix B of the Policy on Responsible Use of Technology covers "Information Security: Ownership, Right to Use, and Protection of Information."
There are 3 major areas covered by Appendix B:
- Protecting confidential information on electronic devices
- Protecting confidential information in printed materials
- Protecting confidential information in email or instant messaging
In the age of identity theft, we must be sure that any confidential information we have access to is protected against theft. That means that we are responsible not only for the protection of our own identity information, but also for the protection of the confidential information to which we have access.
What is considered confidential information?
It is important that each of use consider what could happen to the confidential information we work with in the event that it is lost or stolen. Confidential information can include but is not limited to the following:
- Names
- Addresses
- Social security numbers
- Phone numbers
- Salary and wage information
- Grades
- Sensitive correspondence
- Legal documents
- Health and disability information
- Credit card and bank account information
Your responsibilities in protecting confidential information
- Use a strong passphrase or password
- Lock your computer with a screen saver password
- Shut down your computer at night
- Shield your computer screen from displaying confidential information
- Protect printed confidential information
Only use secure connections when sending confidential information over the Internet or by email
Store confidential information in a protected area. Protect confidential information stored on any portable electronic medium (such as laptop or USB drive)
CIT's responsibilities in protecting confidential information
Remove confidential information when computers or electronic media containing that information are disposed of or redeployed.
Protect access to Calvin servers by use of firewalls and other authentication methods.
Provide encryption for your portable electronic devices.
Where the data is stored matters!
While information stored in some systems is secured by a passphrase, information stored on your local hard drive, or any portable electronic device, should be protected using encryption. Please contact the HelpDesk for information on encrypting portable electronic devices. These are considerations for those devices:
- Laptops can be stolen from your home or office or while you travel. If stolen, you not only lose the computer, but all data on it is now in the possession of someone who isn't authorized to have that information.
- Desktops can be stolen from your office. In addition, someone could steal information from your hard drive when you are not there and you may not even know that it happened.
- USB drives are very popular and are very easy to lose. What information are you putting on your USB drive that should not be seen by others?
- Smartphones are frequently used for storing or accessing information. You should consider password protecting your cell phone.
In general, any portable storage device or storage media can be lost or stolen. It is important that each person be aware of what personal information is stored on such devices and take appropriate steps to reduce the risk of identity theft.