Managing data protection
Adequately protecting data is one of the most challenging aspects of data management. When the University acquires, utilizes, maintains, or accesses data, it takes on an obligation to protect that data. Units and employees are responsible for ensuring that their actions do not expose data—and those who permit us to use their data—to excess risk.
Consider the following when managing data protection:
- Which data or devices need to be encrypted to prevent disclosure
- Which data, devices, or paper documents need to be disposed of securely
Guidelines for data protection
When managing data protection, follow these guidelines:
- Encrypt sensitive files.
Encryption is a process that renders data unreadable to anyone except those who have the appropriate password or key. By encrypting sensitive files (by using file passwords, for example), you can protect them from being read or used by those who are not entitled to do either.
- Encrypt portable IT devices with whole-disk encryption.
As with encrypting individual files, encrypting a laptop, smartphone, or tablet protects data from exposure and misuse. Whole-disk encryption renders the device's contents unreadable, which helps protect data in the event that a device is stolen.
- Securely dispose of data, devices, and paper records.
When data is no longer necessary for University-related purposes, it must be disposed of appropriately.
- Sensitive data, such as Social Security numbers, must be securely erased to ensure that it cannot be recovered and misused.
- Devices that were used for University-related purposes or that were otherwise used to store sensitive information should be destroyed or securely erased to ensure that their previous contents cannot be recovered and misused.
- Paper documents containing sensitive information should be shredded rather than dumped into trash or recycling bins.