Data Usage Related to Training
When selecting data that will be used in PowerPoint presentations, handouts and other distributed documentation, it is important to avoid the use of sensitive and restricted information. There is added concern if:
- A session is broadcast through Adobe Connect (Breeze),
- Materials are published to a website or
- Included in Blackboard.
Purdue University's longstanding guidelines governing the use of "sensitive" and "restricted" data are to be followed per the Data Handling Guidelines page. Even though some data may be classified as "Public" it may not be appropriate to share (even in a training environment). Production data should not be used in training materials. Data should not be traceable back to a person, actual account, or other sensitive information. The person to whom the information belongs may not wish to have personal data shared without being notified prior to its use.
Best Practices for Selecting/Handling Training Data
- Always use "dummy" or fictitious data in the preparation of any form of training documents (reports, screen shots, etc.). For example, Social Security numbers should be written as XXX-XX-XXXX. If numeric characters are required, numbers from 987-65-4320 to 987-65-4329 are reserved for advertisements and may be utilized.
- If test files are used, ensure that they were not created from production data and contain "live" information.
- If production files are the only source available, mask or remove any sensitive, restricted or questionable data.
- Obtain permission from owners of non-sensitive production data prior to incorporating that information in any training materials.
- Do not display any restricted data in broadcast or recorded sessions.
- Limit access to broadcast or recorded sessions if sensitive data will be used in the demo. (You must have owner approval to use the sensitive data.)
- Collect excess training materials after instructor led sessions are completed.
There is a need to control the content of the material to ensure proper data handling and security. When training material is posted to a website, be aware of the content and determine the appropriate level of security access. If you have questions, refer to both ITaP's Data Classification and Handling at the SecurePurdue website and the Data Practices page of the Business Services website.