Step 3
Safeguarding Confidential Data
3.1 Data stewardship roles and responsibilities.
Individuals both at the user level and in management must understand their role in classifying and protecting their data.
3.2 Responsibility for secure data handling.
If you give confidential data to an outside party, for example, to maintain student loans, or develop a web site, or handle health insurance, you need to ensure in a contract that the other party understands that it is liable for properly safeguarding the information.
- Third Party Agreements Procedure
- Limited Access-Third Party Vendor Agreement Template
- Third Party Agreement Template with Data Compromise Clause
3.3 Data retention, disposal, and electronic discovery.
Data has its own "life cycle" from its collection to its eventual disposal. These policies describe data handling at significant points in this cycle.
- UWG IRP Records Retention Manual
- USG Records Retention Schedules
- USG Records Management and Archives
- UWG Records Disaster Management Plan
- UWG Records Destruction Authorization Form
- UWG Inter-Departmental Transmittal and Receipt Form