Confidential Data Handling Blueprint
Purpose
To provide a framework that organizes resources pertaining to confidential data handling.
Introduction
The following steps are intended to provide a general framework that is organized in a sequence that allows you to logically follow through each step. Although each item is recommended as an effective practice, we recognize that state/local legal requirements, institutional policy, or campus culture might cause each department to approach this differently.
Departments are expected to follow and implement the recommendations found in each of the steps. Departments will need to prioritize their actions to mitigate risk because of the comprehensive nature of the recommendations.
Definition - "Confidential Data"
Any record or information, regardless of its physical form or characteristics, that is not open to public examination because it contains information which, if disclosed, might damage individual privacy or compromise public activities. This information is also protected from disclosure by state and federal laws.
Examples:
- Social Security Numbers
- Birth dates
- Account Numbers (Bank deposits)
- Insurance Information
- Grades (FERPA)
- Counseling/Mental Health Records (HIPAA)
- Medical Records (HIPAA)
Steps
- Step 1: Create a Security risk-aware culture that includes an information security risk management program
- Step 2: Institutional Data Types
- Step 3: Safeguarding Confidential Data
- Step 4: Reduction in Confidential Data Access
- Step 5: Implementing Stricter Controls for Confidential Data
- Step 6: Awareness and Training
- Step 7: Compliance with policies, standards, and procedures