Information Security Office
Data Protection: How to Get Started
Identify data under your control
Places to look: desktop hard drive, laptop, file servers, web servers, PDAs, cell phones, and storage media. These include disks, flash drives & USB keys, CDs & DVDs, and paper documents.
Inventory what is stored
Look for sensitive information such as Social Security numbers, financial information (such as credit card numbers), student identification numbers, driver’s license numbers, and medical or geographically identifiable information.
Decide if you need to store & process this information
For example, is it really necessary to store Social Security numbers or can they be accessed elsewhere? If SSNs are necessary, can you redact these numbers to only show the last 4 digits?
Dispose of all Social Security & credit card numbers, access codes, driver’s license numbers, and bank account numbers unless you ABSOLUTELY cannot do business without storing them yourself. Look for ways to access secure data resources that contain the information you need to complete the necessary purpose.
Once data has been identified for disposal, use secure disposal technologies. For example: shred sensitive paper documents, securely wipe hard drives and flash drives, and destroy storage media containing sensitive information that is no longer needed.
Use encryption technologies to encrypt sensitive data on hard drives and USB keys. PGP is the supported encryption technology at BGSU.
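One way to carry out the inventory and last-4 redaction steps above on text files, shown as an added example that is not part of the original guidance or a BGSU tool. It assumes SSNs appear in hyphenated form; the function names and sample rows are constructed for illustration.

```python
import re

# Added example: helper names are hypothetical, not from any BGSU tool.
# Formatted SSN (AAA-GG-SSSS), skipping area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Candidate card number: 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

# Constructed sample data; none of these values belong to a real person or account.
SAMPLE = (
    "name,ssn,card,order_id\n"
    "Jane Roe,123-45-6789,4111 1111 1111 1111,1234567890123\n"
    "John Doe,321-54-9876,5500-0000-0000-0004,ticket 000-12-3456\n"
)

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_last4(value):
    """Replace every digit except the last four with X, keeping separators."""
    keep_after = sum(c.isdigit() for c in value) - 4
    out, seen = [], 0
    for c in value:
        seen += c.isdigit()
        out.append("X" if c.isdigit() and seen <= keep_after else c)
    return "".join(out)

def _mask_card(match):
    digits = re.sub(r"\D", "", match.group())
    return mask_last4(match.group()) if luhn_ok(digits) else match.group()

def redact(text):
    """Mask SSNs and Luhn-valid card numbers so only the last four digits remain."""
    text = SSN_RE.sub(lambda m: mask_last4(m.group()), text)
    return CARD_RE.sub(_mask_card, text)

def inventory(text):
    """List (line number, kind, masked value); the report holds no full numbers."""
    found = []
    for no, line in enumerate(text.splitlines(), 1):
        found += [(no, "ssn", mask_last4(m.group())) for m in SSN_RE.finditer(line)]
        found += [(no, "card", mask_last4(m.group())) for m in CARD_RE.finditer(line)
                  if luhn_ok(re.sub(r"\D", "", m.group()))]
    return found
```

The 13-digit order ID and the `000-` ticket number in the sample are left untouched because they fail the Luhn check and the SSN validity rules, which keeps false positives out of the inventory.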
Stop and Think
When you come across Social Security numbers, credit card numbers, bank account or financial information, driver’s license numbers or other sensitive information, ask these questions:
Why do I have this data?
Is the data absolutely necessary as a business requirement?
If absolutely necessary, handle confidential data securely and appropriately, and double-check addresses and phone numbers before securely transmitting or transporting it.
If not absolutely necessary, DISPOSE of it securely. If confidential information was sent to you and it is not necessary, contact the sender immediately. Tell them to stop sending confidential information to you!