Best Practices for Handling Electronic Institutional and Personal Information
This material is meant as a guide for department administrators and technicians working to minimize the chances of an inappropriate disclosure of Indiana University institutional or personal information. This is not meant to be an all-inclusive document. Given the local departmental environment, there may be other resources that administrators and technicians must consult, and other actions they must take to maximize the appropriate protections afforded to data.
- Document and understand the local technical environment
- Document and understand the local data environment
- Know the classification/sensitivity of data being used
- Stop collecting data unnecessarily
- Stop storing data unnecessarily
- Store collected data on secure computers
- Ensure that persons in contact with the data understand their responsibilities
- Do not store collected data on various workstations
- Restrict access to sensitive data
- Make decisions in consideration of convenience of users of data and systems, but not at the expense of appropriate data protection
- Do not send sensitive data via email
- Immediately report situations where institutional or personal data may have been inadvertently released, to the University Chief Privacy Officer and Compliance Coordinator
- Other related material
Document and understand the local technical environment.
A department can't begin to protect electronic information without first knowing what technologies it has deployed and what risks are associated with those technologies.
- Computer systems by IP address and name, including
  - Operating systems
  - Operating system version and patch level
  - Services active on each computer, such as
    - File Transfer Protocol (FTP) server
    - Telnet server
    - Web server
    - File server
  - Application software, such as
    - Local department applications
    - Database Management Systems (DBMS), such as
      - SQL Server
- Extensions to the local network segment
  - Active/always-on modems
  - RAS and other remote access services
  - Wireless access
  - Public access terminals and workstations
Document and understand the local data environment.
Information is easily collected and easily distributed. If a department does not understand what data it is working with, where that data is located, and how sensitive it is, protections cannot be applied commensurate with risk.
- Identify data inputs, so that sources and types of data can be determined:
  - Web forms
  - Paper forms
  - Survey instruments
  - Extracts from the central mainframe
  - Extracts from central decision support databases
  - Other departments
- Identify the locations of collections of data
  - Computer file system directories
  - Backup media
- List the data elements present in all collections (e.g., Name, Age, GPA, SSN, etc.)
- Diagram the flow of data between applications, forms, files, databases, and reports
- Identify the classification/sensitivity of the data
  - Consult the formal classification done by the Data Steward for the data subject area
  - Make a local determination based on:
    - Applicable protections under Federal or State law (student records or employee records, for example)
    - Possibility that unauthorized disclosure would endanger the personal safety of an individual
    - Possibility that unauthorized disclosure could cause damage to a person's professional or personal affairs (medical information, credit card information, and bank account information, for example)
    - Possibility that unauthorized disclosure could create liability for the University
    - Possibility that unauthorized disclosure could embarrass the University
    - Possibility that unauthorized disclosure could cause liability, or at least embarrassment, to the University
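One way to carry out the "locate collections, list their elements, classify" steps above is to scan the places data accumulates for the elements the list names. The script below is an added example, not part of the University's guidance: it runs over constructed sample file contents (made-up records, not real data), flags SSN-formatted values and Luhn-valid card numbers, and labels each location. The regular expressions and the "critical"/"review" labels are assumptions for illustration, not the Data Stewards' classification terms.

```python
import re

# Constructed sample "file contents" standing in for a department's data
# collections. Every record here is made up for the example.
SAMPLE_FILES = {
    "shared/advising/roster_2003.csv": "name,ssn,gpa\nJane Roe,123-45-6789,3.4\nJohn Doe,456-78-9012,2.9\n",
    "shared/events/signup.txt": "name,email\nJane Roe,jroe@example.edu\n",
    "shared/finance/refunds.csv": "name,card\nJohn Doe,4111111111111111\n",
    "shared/it/serial_numbers.txt": "asset,serial\nlaptop-01,1234567812345678\n",
}

# Assumed patterns: a hyphenated SSN with the never-issued area/group/serial
# values excluded, and a 13-16 digit run as a card-number candidate.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b\d{13,16}\b")


def luhn_ok(digits):
    """Luhn checksum; filters most serial numbers and random digit runs out of card hits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify_text(text):
    """Return the set of sensitive element types found in one collection."""
    found = set()
    if SSN_RE.search(text):
        found.add("SSN")
    if any(luhn_ok(m) for m in CARD_RE.findall(text)):
        found.add("credit card")
    return found


def inventory(files):
    """Map each location to the elements found and an assumed sensitivity label."""
    report = {}
    for path, text in files.items():
        elements = classify_text(text)
        report[path] = {
            "elements": sorted(elements),
            # Any legally protected element makes the whole collection critical;
            # everything else still gets a manual review against the Steward's rules.
            "sensitivity": "critical" if elements else "review",
        }
    return report
```

Running `inventory(SAMPLE_FILES)` gives the data-location list the section asks for, with the roster and refund files flagged and the serial-number file left for review despite its 16-digit values.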
Know the classification/sensitivity of data being used.
- Data must be protected commensurate with its sensitivity, which is determined primarily by legal and ethical protection requirements
- Each data subject area (e.g., financial, student, human resources, etc.) has an appointed Data Steward, who is available for consultation on data usage and classification issues
- Functional offices (Registrar, financial affairs, etc.) on each campus are better positioned to understand the legal and ethical protections on data elements than are other offices that are secondary users
- Visit the Committee of Data Stewards' Data Management site
Stop collecting data unnecessarily.
- Social Security Numbers should be collected ONLY where that element is appropriate for the process
- Where it is the student or employee identification number that is required, those should be the terms used, not Social Security Number. While it is true that the current identification number is almost always the same as the SSN, semantics are important
- Do not collect any other information that is not necessary for direct support of the current process. If the data isn't collected and stored, it cannot be compromised
Stop storing data unnecessarily.
- If collection of Social Security Numbers or student/employee identifiers is absolutely necessary, do with them what is necessary and then delete the files