Most of us deal with sensitive information on a daily basis whether it's our own personal information or confidential information about staff, faculty, students, donors, or alumni. It is important to consider how we store and access this confidential information to ensure that it is protected.
In July 2006, the Cabinet approved Appendix B of the Policy on Responsible Use of Technology that covers "Information Security: Ownership, Right to Use, and Protection of Information."
There are 3 major areas covered by Appendix B:
- Protecting confidential information on electronic devices
- Protecting confidential information in printed materials
- Protecting confidential information in email or instant messaging
In the age of identity theft, we must be sure that any confidential information we have access to is protected against theft. That means that we are responsible not only for the protection of our own identity information, but also for the protection of the confidential information to which we have access.
- What is considered confidential information?
It is important that each of use consider what could happen to the confidential information we work with in the event that it is lost or stolen. Confidential information can include but is not limited to the following:
- Social security numbers
- Phone numbers
- Salary and wage information
- Sensitive correspondence
- Legal documents
- Health and disability information
- Credit card and bank account information
- Your responsibilities in protecting confidential information
- Use a strong passphrase or password
- Lock your computer with a screen saver password
- Shut down your computer at night
- Shield your computer screen from displaying confidential information
- Protect printed confidential information
- Only use secure connections when sending confidential information over the Internet or by email
- Store confidential information in a protected area. Protect confidential information stored on any portable electronic medium (such as laptop, CD, DVD, or USB drive)
- CIT's responsibilities in protecting confidential information
- Remove confidential information when computers or electronic media containing that information are disposed of or redeployed.
- Protect access to Calvin servers by use of firewalls and other authentication methods.
- Provide encryption for your portable electronic devices.
- Where the data is stored matters!
While information stored in Colleague, KnightVision, and other systems is secured by a passphrase, information stored on your local hard drive, or any portable electronic device, should be protected using encryption. Please contact the HelpDesk for information on encrypting portable electronic devices. These are considerations for those devices:
- Laptops can be stolen from your home or office or while you travel. If stolen, you not only lose the computer, but all data on it is now in the possession of someone who isn't authorized to have that information.
- Desktops can be stolen from your office. In addition, someone could steal information from your hard drive when you are not there and you may not even know that it happened.
- USB Memory Keys are very popular and are very easy to lose. What information are you putting on your USB memory key that should not be seen by other?
- CDs work well for portability and/or for backups. If you store data on a CD, be sure you keep it in a safe place. Be sure to destroy a CD before disposing of it. The best way to destroy a CD is to take a key or other sharp object and scratch the surface thoroughly.
- Smart phones are frequently used for storing or accessing information. You should consider password protecting your cell phone.
In general, any portable storage device or storage media can be lost or stolen. It is important that each person be aware of what personal information is stored on such devices and take appropriate steps to reduce the risk of identity theft.