Training Materials Must Be Free of Sensitive and Restricted Data - 11/10/09

A new page on the Business Services Training Web site outlines the correct approach for incorporating sample data into PowerPoint presentations, handouts, screenshots for use on Web sites, online or printed instructions, and other training materials.
The Data Usage Related to Training page reminds staff that fictitious data should always be used in the preparation of any form of training documents or presentation materials.  The “best practices” grid provides guidance on selecting appropriate “dummy” representations of Social Security, bank account and telephone numbers, addresses, birth dates and myriad other types of personal, identifying information.

Sensitive and restricted data must be handled in keeping not only with Purdue University’s long-established guidelines, but with federal and state laws as well, according to Business Services Security.
Purdue expects employees who create, access, transfer and delete its restricted, sensitive and public administrative data to keep it safe from unauthorized use and disclosure.
An Oct. 15, 2009, Business @ Purdue News article, “NATIONAL CYBERSECURITY AWARENESS, PART 2: Data Handling and Security,” served as a review for proper handling of data. Additional guidance on data handling is available on the Business Services Security Web site and SecurePurdue. A team of data stewards also can answer questions about data classification and handling.
University staff who create training or communication materials are welcome to contact Business Services Training for input or additional information about the proper display of sample data.