Sensitive Data is private or confidential information such as social security numbers, credit card numbers, health records, financial records, research data, personal contact data, proprietary information – about you, your friends or co-workers, students, alumni, business associates, etc.
Best Practices for Managing and Protecting Sensitive Data
- It is important to delete any sensitive data that is no longer needed. This is the most effective way to protect sensitive data from unauthorized access.
- If you need to retain sensitive data, then it should be encrypted to protect your data from unauthorized access.
- When providing the decryption key to the recipient, send it in a method other than email.
- Encryption should be used anytime unintended recipients may get access to the data. This includes sending data through email, or saving information to shared files in collaborative apps, such as Teams, OneDrive, and SharePoint.
- Do not share sensitive documents or information with anyone unless you know they are approved to handle that level of data; or unless required by government regulations, specific La Salle job responsibilities, or business requirements - check group/recipient settings before sharing sensitive data in OneDrive, Teams, or SharePoint to confirm all recipients are approved to view the sensitive data;
- Password protect all accounts and files containing sensitive data;
- Do not store unencrypted confidential information on University systems, laptop computer or desktop computer’s hard drive, USB drive, CD, flash memory card, or any other storage media;
- Keep login credentials private, and do not share them, or sign into systems for others. If you log in for others, or allow others to use your credentials, all actions they take will be traced back to you, and you will be responsible for those actions. Be prepared to say “no” when asked to provide that type of information;
- Avoid transmitting confidential data via wireless technology, email, or the internet, unless the connection is secure (https), or the information is encrypted;
- Don’t publicly display sensitive data, or leave it unattended. If you need to walk away, lock your system and put physical documents or files in a drawer or file cabinet;
- Notify IT through the IT Service Portal if you suspect confidential information may have been compromised.
Information about encryption and managing sensitive data can be found in other Knowledge Base articles in this IT Service Portal. Please review the list of articles linked in the "Related Articles" section.