What can I do to protect sensitive data?
To protect sensitive data, you and your employees can do the following:
- Learn the best practices for handling electronic institutional data at http://informationpolicy.iu.edu/resources/safedata/.
- Identify where you have stored data under your control, including information stored electronically AND on paper.
- Inventory the data you have stored in all these places.
- Dispose of all Social Security numbers, credit card and bank account numbers, access codes, driver's license numbers, and all other sensitive personal data unless you absolutely cannot do business without storing that information under your control, even if doing without it is sometimes inconvenient. Because improper disposal has legal implications, it is imperative that you dispose of data properly; for more information, see the University Information Security Office (UISO) page at http://informationsecurity.iu.edu/Securely_Removing_Data.
- Secure any remaining sensitive data by storing it appropriately (consult with your departmental computing professionals to ensure proper security).
- Any time you encounter sensitive personal data, stop and think about why you have it and whether you absolutely need it. Again, consult with your departmental computing professionals to ensure you are handling this data appropriately.
- Use tools provided by the IIA; for computing guides, see http://informationsecurity.iu.edu/Guides_for_Everyone.
- Encrypt any sensitive data you must keep within your immediate control. See the IIA page on encryption at http://informationsecurity.iu.edu/Data_Encryption.
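The identify-and-inventory steps above assume you can find Social Security and card numbers in the files you control before deciding what to dispose of or encrypt. The script below is an added example written for this article; it is not an IU, UISO or IIA tool, and its sample text, patterns and function names are this example's own assumptions. It scans text for the hyphenated SSN form and for 13-16 digit card candidates, keeps only card candidates that pass the Luhn checksum (cutting false positives such as order numbers), and reports each hit with all but the last four digits masked, so the inventory report does not itself become another copy of the sensitive data.

```python
"""Inventory scanner: flag likely SSNs and payment card numbers in text.

Example code added to this article (not an IU/UISO/IIA tool).  It shows the
"identify and inventory" step: find where sensitive identifiers live, report
them masked, and leave the decision to dispose or encrypt to the data owner.
"""
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, Iterable, List

# US Social Security number in the conventional 3-2-4 hyphenated form.
# Area 000, 666 and 900-999, group 00 and serial 0000 are never issued,
# so they are excluded to reduce false positives.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# 13-16 digits, optionally separated by single spaces or hyphens.  A
# candidate is reported only if it also passes the Luhn check below.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")


@dataclass(frozen=True)
class Finding:
    kind: str     # "ssn" or "card"
    line: int     # 1-based line number within the scanned text
    masked: str   # value with all but the last four digits replaced by '*'


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string satisfies the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(value: str) -> str:
    """Keep only the last four digits so the report is not itself sensitive."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(text: str) -> List[Finding]:
    """Return every masked SSN and Luhn-valid card number found in text."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in SSN_RE.finditer(line):
            findings.append(Finding("ssn", lineno, mask(m.group())))
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_valid(digits):
                findings.append(Finding("card", lineno, mask(m.group())))
    return findings


def summarize(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count findings by kind, e.g. {"ssn": 1, "card": 1}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


def scan_directory(root: str, suffixes=(".txt", ".csv", ".log")) -> Dict[str, List[Finding]]:
    """Walk a directory tree and scan plain-text files (hypothetical inventory run)."""
    results: Dict[str, List[Finding]] = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = scan_text(path.read_text(errors="ignore"))
            if hits:
                results[str(path)] = hits
    return results


# Constructed sample input: the values are made up for this example.
SAMPLE = """\
Applicant: J. Doe, SSN 123-45-6789, phone 812-555-0100
Deposit card 4111 1111 1111 1111 exp 12/29
Typo'd card 4111 1111 1111 1112 should not be reported
Placeholder SSN 000-12-3456 is not a valid SSN
Order 1234567890123 is an order number, not a card
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"line {f.line}: {f.kind} {f.masked}")
    print(summarize(scan_text(SAMPLE)))
```

Run it as a script to see the two findings from the constructed sample (one SSN on line 1, one card on line 2); the invalid SSN, the mistyped card number and the order number are all skipped. Point `scan_directory` at a real share to get a per-file inventory you can act on, and treat the result as a starting list for the dispose-or-encrypt decision, not as proof that nothing else is there: data in spreadsheets, databases, e-mail and on paper still has to be inventoried by other means.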
More information
Detailed information about steps you can take to secure sensitive data is available at Actions you can take to secure sensitive data.
For a detailed guide for handling sensitive electronic data, see our Best Practices for Handling Electronic Institutional and Personal Information.
For an overview and introductory information about cryptography, see http://kb.iu.edu/data/agds.html.
For formal data management guidelines from the Committee of Data Stewards, see http://informationpolicy.iu.edu/data/cds.
The PCI DSS (Payment Card Industry Data Security Standard) is a comprehensive set of security requirements for organizations that handle payment card data, intended for global implementation; it is available at https://www.pcisecuritystandards.org/tech/index.htm.
Feel free to contact us if you would like more information.
