Every employee is responsible for protecting institutional data and understanding the laws governing the release of data. We recommend that employees receive personal training on privacy laws and best practices for protecting data at IU before receiving access to restricted data.
Data privacy month 2022
January 31st is Data Privacy Day and kicks off a month-long occasion focusing on the importance of online safety, security and privacy in our daily work. We encourage you to take a look at the resources provided by staysafeonline.org and take a moment to consider ways you can improve your privacy and security practices.
Keep data secret and safe
The following data elements require the highest level of protection. Please note, this is not a comprehensive list, but can be used as a guide for identifying data assigned the restricted and critical-data classifications.
The Committee of Data Stewards is developing a data storage and handling tool that will help to evaluate the best method to store or send student data.
- Know who has access to folders before you save restricted or critical data.
- Do not store sensitive data in locations that are publicly accessible from the Internet. If you can access it without a password, so can others.
- Mobile or portable devices even for email use should be protected by a passcode and encrypted. Laptops, smart phones, and memory sticks can be lost or stolen, and if unencrypted can result in a data breach.
- Follow IU's passphrase requirements and NEVER share your passphrase, use it for other services, or save it in memory!
- If sensitive data is no longer needed, don't retain it! Know your department's retention and disposal policies.
- Be on the lookout for phishing scams. If you receive a suspicious email forward it to firstname.lastname@example.org.
- Run anti-virus and anti-malware tools routinely and alert IT staff if you encounter issues.
- Do not use unencrypted wireless connections when working with or sending sensitive data. VPN and IUAnyWare are secure options.
- Do not send confidential data in an email unless the data is encrypted using Secure Share for critical data or CSEES.