Sensitive data

As an employee of Indiana University, it is your responsibility to protect the data that you encounter every day. These concepts are basic steps are easy options for everyone to keep their content secure.

• Keep what you view on your computer screen private. Rotate your monitor or use a privacy screen to decrease the visibility of content to others.
• Take steps to keep hardware safe from theft. One of the most common ways data is exposed is through lost or stolen hardware. Steps to prevent hardware theft include:
  • Lock your computer down when stepping away from your workstation.
  • Store small devices out of view, preferably in locked drawers, when not in use.
  • Mobile devices used for institutional information must comply with the Mobile Device Security Standard.
• Use the IU VPN to secure all your network traffic whenever you work off campus.
• Keep data backed up based on solutions your department recommends. Having backed-up data protects you against losing all your work and makes it possible to retroactively-determine what sensitive data may be at risk should your computer be lost or stolen.
  • Do-it-yourself backup solutions pose risks and are discouraged. Use a backup service that guarantees data is backed up regularly and stored securely. Contact your local UITS support person for recommendations.

These steps are more specific requirements for those who work with more sensitive data classifications.

• Encrypt any stored passwords that are used to access confidential data. Passphrase vaulting is the practice of storing multiple passwords and passphrases behind a single, strong passphrase.
• Retain confidential data only as long as needed. That applies whether the confidential data is stored on your computer or a departmental file server. If you don’t need it, delete it!
• Always transmit confidential data securely.
  • If it is required by your role within the university, you can only send confidential data in an email (both body and attachment) if the messages is encrypted by a service such as Office Message Encryption (OME).
  • Microsoft at IU Secure Storage is a good approach for exchanging sensitive data with others at IU.
  • Secure Share (replacing Slashtmp) is a good approach for exchanging sensitive data with both others at IU and external users.
• Always store confidential data securely.
  • IU's top data storage recommendation (and requirement for institutional data) is: Microsoft at IU Secure Storage
  • Confidential data should only be stored on a file server if it is in a folder that can only be accessed by people authorized to see it.
  • Backups of confidential data are always subject to the same restrictions as the original data.

For more in-depth information about handling electronic information, consult the following documents:

Guidelines for Handling Electronic Institutional and Personal Information

Policy IT-12: Security of Information Technology Resources

Critical Data Guide

Data Protection and Privacy Tutorial