What data need to be secured?
Any data that includes personally identifiable information should be secured.
What is personally identifiable information?
Personally identifiable information is any data about an individual maintained by an agency that can be used to distinguish or trace an individual‘s identity. Examples include the following:
- Full name, maiden name, or mother‘s maiden name
- Grades or transcripts
- Personal identification numbers such as social security number, passport number, campus identification number, driver‘s license number, taxpayer identification number, and financial account or credit card number
- Personal address
- Personal characteristics such as photos (especially of the face), fingerprints, or signatures
- Personal telephone numbers
- Information identifying personally owned property such as vehicle registration number or title number
- Information about an individual that is linkable to date of birth, place of birth, race, religion, weight, geographical indicators, employment information, medical information, education information, or financial information
(Reference source: http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf)
How should I securely store personally identifiable information?
All personally identifiable information needs to be stored on Fileserver and only for as long as necessary to complete a particular task. Delete data files that are no longer useful from your computer.
How should I share personally identifiable information?
Sending this information through email is not recommended. It is acceptable to fax if the recipient can receive the fax as soon as it is sent. Sharespace can be used to share data with others (access Sharespace at https://webapps.astate.edu/sharespace).
When working from home, what should I do to protect personally identifiable information?
Make sure that your home computer’s operating system and anti-virus is completely up-to-date at all times. Use VPN connections to connect back to campus. (If you do not know how to VPN, please contact the ITS Help Desk at 3933 for assistance.)
Do not store anything locally on your home computer unless it is a necessity. If you print personally identifiable information, use a cross-cut shredder to destroy the printouts immediately when you are done with the data.
What are the threats to the security of personally identifiable information?
Malware, spyware, Trojans, and viruses are software that runs without the knowledge or authorization of the owner of the computer. The effects of these unauthorized programs can vary from being annoying to retrieving data from the affected computer.
Symantec, an anti-virus software, (downloadable at http://www.astate.edu/a/its/software-downloads/) is available to ASU employees for free.
How should I securely store papers that contain personally identifiable information?
All employees who handle paper files should strive towards a “Clean Desk” policy. This means that when you leave your office unattended, there are no documents with personally identifiable information that are accessible to a visitor to your office. Keep all paper files locked away at all times and shred the files using a cross-cut shredder as soon as you are done with the data. Do not place the papers in the recycle bin.
How do I securely delete sensitive files from my computer?
We suggest Eraser, which can be accessed at http://eraser.heidi.ie
Eraser will securely delete sensitive files that are in your recycle bin. When you delete a file, your hardware will not actually delete the data but will write over the space over time. Using Eraser ensures the file is totally removed from your computer.
What should I do if someone asks me for my personal information or password?
If you receive an email or phone call that asks for your account information and personal data, disregard the email or hang up the phone. Contact the ITS Help Desk at 972-3933. ASU will never ask you to provide your password in an email. Never give anyone your passwords, social security numbers, birthday, banking information, or any other identifying information.