Data Privacy and Security for Institutional Data

John Knights —  October 11, 2013

National Cyber Security Awareness Month is in full swing and this week’s topic is about protecting data. Information security is all about protecting the privacy and availability of data. One of the main causes behind a compromise of data privacy is accidental disclosure. Members of Technology Services are continually working to improve the systems and tools used to protect the Institute’s data privacy and availability, but there are limitations to what can be done centrally. Review the following tips you can use to ensure that we all are working together to secure our sensitive data and protect the Institute against accidental disclosures.

TIP 1: KNOW WHAT DATA YOU HAVE. Before you can protect data, you need to know what you have that needs protecting. The Institute utilizes a tool called Identity Finder. This is a good tool that searches through all the files on your computer to identify potentially sensitive information based on the criteria you provide. For example, if you select it to search for social security numbers, it will search for all potential ways that it can be expressed (e.g., with or without dashes) and return the results to you. What is especially useful about this tool is that it can perform tasks on the files, such as shred (deletes the file in a secure manner) or quarantine (relocates files to a predetermined location for easier management), when they match the criteria you have set. For more information on Identity Finder and how to use it, please visit our Identity Finder resource page. For those that do not have it installed on their machines, please go to our Tool & Resources page for information on obtaining a free version.

TIP 2: DELETE WHAT YOU DON’T NEED. Once you determine what sensitive data you store locally, consider whether or not you really need to have it. If it is data that your department uses, then store it on your department’s shared drive. Of course set the permissions on the folder(s) to ensure only those that need the data can access the folder. Another route would be to utilize your P-drive. This stores the files on our trusted datacenter and is routinely backed up. For more information on these options, visit our page on connecting to network resources.

TIP 3: PROTECT WHAT YOU KEEP. Data protection can be accomplished by following computer security best practices for data protection. The basic three are:

  • Encrypt data that you plan to transport, including via email or on a mobile device such as an iPad;
  • Use strong passwords on all devices and ensure that they automatically lock after a short idling period;
  • Physically lock down your mobile devices, on and off campus.

This list is in no way complete, but it is a strong start. Collectively, they will help you keep the data you chose to store on your machine safe. For more information on these best practices and tools available to follow them, please contact or visit our Tools & Resources page on the web.

John Knights