Confidential data refers to business sensitive, personally identifiable information (PII) or otherwise regulated data not intended for disclosure outside the organization.
The University of Dayton is required to comply with regulations such as:
- Family Educational Records Protection Act (FERPA)
- Health Information Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standards (PCI-DSS)
Members of the Chaminade community have a responsibility to:
Understand if your files contain sensitive data
Faculty and staff at Chaminade use a wide variety of electronic information to facilitate University business. While much of this information is public, misuse of restricted or sensitive data could substantially damage Chaminade’s reputation or put our institution at legal and financial risk.
- Regulated or Personally Identifying Information (PII): Information to which access must be restricted due to contractual or legal/regulatory considerations. Examples: student academic records (FERPA), Social Security numbers, credit card data (PCI), personal health information (HIPAA)
- Business Sensitive: Information of value to Chaminade or which, if lost, might adversely impact our environment. Examples: Proprietary research, pay scales and donor data
- Public: Information with no existing local, national or international legal restrictions on access. Public information may or must be open to the general public. Examples: course catalog, directory information
Locate Personally Identifiable Information (PII)
Tools that assist in finding personally identifiable information include:
- Cornell Spider – http://www.it.cornell.edu/services/spider/howto/index.cfm
- IdentityFinder – http://www.identityfinder.com/us/Home/Free (personally owned machines only; the free version may not be used on Chaminade-owned computers or laptops)
Managing Chaminade Data
If you work with regulated or business sensitive data, take measures to ensure it’s stored properly.
TIPS FOR STORING REGULATED AND BUSINESS SENSITIVE DATA
- DO NOT use consumer cloud solutions such as Dropbox, SkyDrive, etc. for Chaminade data.
- DO use Google Apps for Public, Business Sensitive and for FERPA data.
- DO NOT overshare – make sure you’re only sharing files and folders with those authorized to see the content.
- DO store Chaminade data on Chaminade’s shared drives and other servers specifically identified to process and store Chaminade data.
- DO NOT store Chaminade data on personal devices before consulting with IT&S (people using personal devices to store institutional data must meet the same security standards as institutionally owned devices).
- If in doubt, contact the Chaminade Help Desk.
Managing Personal Data
You should take precautions to ensure your personal data is stored properly.
TIPS FOR STORING PERSONAL DATA
- What to Save: Anything you’d shed tears over if it disappeared for good (e.g. that book you’ve been working on for the last three years)
- When to Save: Depends on you. If it’s something really important that changes frequently, back it up more frequently. If it’s something more static (like family pictures), maybe back up a batch every 3-6 months. Like insurance, it comes down to your personal tolerance for risk.
- Where to Save: Storing stuff in the cloud is usually fine, but for threats like ransomware, a good ole’ fashioned “ground” copy is best. Consider investing in an external hard drive (for long-term storage) or encrypted USB drive (for shorter-term, lower volume storage).
Report an IT Security Breach
An IT Security Incident is any adverse event which compromises some aspect of computer or network security.
Security incidents that must be reported include:
- Compromise of user credentials (when there is reason to believe this has led to unauthorized access or loss of confidential data)
- Lost or stolen laptop
- Lost or stolen removable media containing sensitive Chaminade information (CD, DVD, USB flash drive, external hard drive, smart cards)
- Malware or virus-infected computer (when there is reason to believe this has led to unauthorized access or loss of confidential data)
All incidents should be taken seriously and reported to the Chaminade Help Desk. When in doubt, report it!