Security Requirements for Handling Information
"Handling" information is when you view, use, update, delete, or destroy data. It also relates to when you transfer the data from one location to another. Data can be in paper or electronic form. Per the Authentication and Authorization (VII.B1) policy, only the minimum privileges necessary to complete required tasks are assigned to an individual. Based upon how data is classified (Public, Sensitive or Restricted) and its form, that data may have certain precautions which need to be taken to prevent unauthorized disclosure when handled. All users of Purdue data, in any form and for any purpose, are called Data Users.
These handling requirements are directed to the storage and use of Purdue data on Purdue-owned resources and represent the minimum requirements for handling of data in any format at Purdue University. Individual areas may establish more stringent data handling procedures. Purdue Data Users are urged to contact the Data Stewards for guidance in cases that present handling questions or security concerns.
These data handling requirements are divided into three categories:
- Handling of Printed Information (paper, microfiche, microfilm)
- Electronically Stored (Computer-based) Information
- Electronically Transmitted Information
These handling requirements are reviewed by the Data Stewards and Information Owners at least annually and/or whenever significant changes are made to data or systems. Keep in mind these requirements "evolve" as the technology improves. Any comments regarding these requirements should be emailed to the Data Administrator at: firstname.lastname@example.org