Keeping Information Private

National Cyber Security Awareness Month continues, and this week we’re passing along info about keeping personal information private.

In 2016, over 15 million people fell victim to identity theft, with financial losses totaling over $16 billion.  Here at Widener we take information privacy seriously. We ask (and have approved policy) that users do not share Social Security numbers (SSN’s) via email.  Email services are insecure by default, and if your WUMail message is going to an outside address, it’s at risk.

Also remember that Credit Card numbers are Personally-Identifiable Information (PII). Industry rules guide our use of these, and misuse represents a great risk of loss to the cardholder.

Below is a list taken from our Information Security and Compliance Program that shows the actions we should take with PII.

 

Classification Level: Confidential

Examples: SSN, Passwords, Credit Card Numbers

In electronic form: Must be encrypted when on the network and in electronic or physical data storage. Data must be protected with strong passwords. Data cannot be copied onto portable media without managerial consent (including laptops).

In print form: Must not be posted on any website or sent through email. Trash documents must be shredded. Retained documents must be stored in locked cabinets.

Classification Level: Restricted

Examples: Personally identifiable (combination of name, address, date of birth) student records, student grades, infrastructure design

In electronic form: Data must be protected with strong passwords. Data cannot be copied onto portable media without executive consent (including laptops).

In print form: Retained documents must be stored in locked cabinets.

Classification Level: Public

Examples: Not confidential or sensitive. Information on University website.

In electronic form: May be posted externally with appropriate approval (department head). May be sent through email.

In print form: Trash documents do not require shredding.

 

If your department is required to provide PII to other organizations or agencies and you need assistance with securing private info, installing encryption software, or any other issue, please contact the Helpdesk at x1047.