Slide 1 - Slide 1
Slide notes
Blank slide
Slide 2 - Logo Start
Slide notes
Screen of Secure Purdue logo.
Text Captions
A Video on Sensitive and Restricted Data Security
Slide 3 - Intro slide
Slide notes
Do you know how to Secure Purdue?
Text Captions
The following video will check your knowledge on what is sensitive and restricted data and secure practices to use in handling that data.
Slide 4 - quote...start
Slide notes
At home, at work, you are the first-line of security.
Text Captions
Protect the DATA
Protect YOURSELF
SHUT it down
LOCK it out
Slide 5 - Why is it important
Slide notes
Why is information important?
Text Captions
The University recognizes administrative information as a valuable University asset. This information requires protection against unauthorized destruction, modification, and disclosure.
Slide 6 - What is a data owner
Slide notes
Why is information important?
Text Captions
A data or information owner is the Vice President or their appointed personnel who provides policies or guidance on the data supporting their functional responsibilities. Note that data may be more strictly classified by its Data Owner.
Slide 7 - Data classification types
Slide notes
What are Purdue's data classifications?
Text Captions
Public Data Information which may or must be open to the general public.
Example: Course Catalog
Sensitive Data Information whose access must be guarded due to proprietary, ethical, or privacy considerations.
Example: Employee benefit selections
Restricted Data Information guarded because of protective statutes, policies or regulations.
Example: Student Academic Record (FERPA), Health Information (HIPAA), Consumer Financial Information (GLBA), Social Security Numbers.
Slide 8 - what is sensitive data
Slide notes
What is sensitive and restricted data?
Text Captions
Are the following items considered sensitive or restricted data? Click to find out..
What is sensitive and restricted data?
Slide 9 - SSN answer
Slide notes
Social Security Numbers without names attached.
Text Captions
This is protected data. SSN's are considered restricted information under University policy.
Slide 10 - Medical leave answer
Slide notes
Medical leave information for an employee.
Text Captions
Any type of medical leave information is not for public knowledge. Medical information is considered restricted information.
Slide 11 - unrestricted phone answer
Slide notes
Unrestricted campus phone numbers.
Text Captions
Unrestricted campus phone numbers are considered public information. Some of this same information may be accessed in public phone books and on-line.
Public information does not have legal restrictions to access.
Slide 12 - payroll data answer
Slide notes
3-year-old payroll data reports in Excel saved on your computer.
Text Captions
Old data is still protected data. Payroll reports can be classified as either sensitive or restricted data, depending upon the type of employee information they contain. Sensitive data has guarded access, even though there may not be a civil statute requiring this protection.
This type of data should never be stored on local computer drives.
Slide 13 - student grade answer
Slide notes
Student grades saved to your private laptop computer.
Text Captions
Student data is always considered restricted data and should never be stored on private or home computers.
Slide 14 - Your respons start
Slide notes
What is your responsibility?
Text Captions
You are responsible, when given permission to access and use University data, to be aware of the classification of that data and the handling requirements for that type of data.
Slide 15 - Your respons 2
Slide notes
Text Captions
Sensitive and restricted information are used by University staff to perform legitimate business functions and must be safeguarded from disclosure to those who are not authorized to perform that same job function.
Slide 16 - Your respons 3
Slide notes
Text Captions
Data in the wrong hands can cause damage to the University and members of the University community.
Slide 17 - Steps to be secure
Slide notes
Steps to be secure!
Text Captions
There are steps you can take to keep data secure. Click items below to learn more...
Steps to be Secure!
Slide 18 - Step-be aware of data class
Slide notes
Be aware of data classifications.
Text Captions
Be aware of the classification of the data that you handle as part of your job; as well as, any policies that apply to that data.
Review the guidelines for public, sensitive, or restricted data and what precautions need to be taken in handling that data.
Slide 19 - p2 Step-be aware of data class
Slide notes
Text Captions
For instance, restricted information may be stored on a removable computer disk so long as the disk is stored in a secure location when not in use.
Slide 20 - review - data classification types
Slide notes
Text Captions
Public Data
Sensitive Data
Restricted Data
Information which may or must be open to the general public.
Ex: Course Catalog
Information whose access must be guarded due to proprietary, ethical, or privacy considerations.
Ex: Employee benefit selections
Information protected because of protective statutes, policies or regulations.
Ex: Student Academic Record (FERPA), Health Information (HIPAA), Consumer Financial Information (GLBA), Social Security Numbers.
Slide 21 - Step-be aware of handling data
Slide notes
Be aware of how you handle data.
Text Captions
Be sure to handle data appropriately based on its classification; and with sensitive and restricted data according to University policies.
Do not leave sensitive or restricted data in places where they can be accessed by third parties.
Slide 22 - p2 Step-be aware of handling
Slide notes
Text Captions
"Handling" information relates to when you view, update, store, or delete data. It also relates to when you transfer the data from one location to another.
The data does not have to electronically stored; it could be stored in a filing cabinet or in a binder. The data could be present in a report or in a memo.
Slide 23 - Step-saving data
Slide notes
Save data in a safe location.
Text Captions
Access to sensitive or restricted data could be gained by someone within or outside of the University if that data (whether electronic or printed) is not stored correctly.
It is safer to store data on networked drives, not the hard drive or desktop. CDs and other removable storage items must be secured when not in use.
Slide 24 - p2 saving electronic data
Slide notes
Electronic Data:
Text Captions
Electronic Data:
- Never store sensitive or restricted data on your hard drive, desktop or personal computer.
- Save data files to University network drives, where there are access controls and safeguards.
- If you have approval from your supervisor or data steward to save sensitive or restricted data to disks, thumb drives, CDs, or other external devices; lock up or safeguard those sources.
Slide 25 - p3 saving printed data
Slide notes
Printed data:
Text Captions
Printed data:
- Never leave sensitive or restricted data printouts carelessly on your desk.
- Store data in a locked, secure location out of sight when not in use.
- Never copy or distribute printed materials containing restricted information without the consent of the data owner.
Slide 26 - Step-be aware of policies
Slide notes
Be aware of policies and laws affecting data.
Text Captions
Purdue develops policies that follow laws governing data. Also be aware that there are laws that impact data usage and storage, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Family Educational Rights and Privacy Act (FERPA).
Slide 27 - p2-Step policies-resources
Slide notes
Text Captions
Additional Resources:
- Purdue University data classifications http://www.itap.purdue.edu/security/policies/dataConfident.cfm
- Purdue's Social Security Number policy
http://www.purdue.edu/policies/pages/information_technology/v_5_l.html
Slide 28 - Step-practice secure computing
Slide notes
Practice secure computing.
Text Captions
While you safeguard data, be aware that other practices may cause that data to be less secure. Avoid questionable web sites and opening unknown emails, files, or attachments that you are not expecting.
Slide 29 - Be Secure Wrapup
Slide notes
Text Captions
Technology alone will not provide a secure environment. Each one of us needs to be proactive in guarding Purdue's protected data.
Be secure!
Slide 30 - Starts with You end
Slide notes
Secure Purdue starts with you!
Text Captions
Remember..
Protect the DATA
Protect YOURSELF
SHUT it down
LOCK it out