Reduction in Confidential Data Access
4.1 Data Collection Policies and Procedures Not requesting nor collecting restricted/regulated data is the best method of ensuring that it is not leaked. An organization doesn't have to worry about protecting (in storage or transit) what it doesn't have. This should apply to online and paper forms.
4.2 Maintaining Policies and Procedures
- Securing University Data Guidelines and Best Practices for Information Access
- UWG ITS Security Plan Section on Data Classification
- Business Procedures Manual: Data Access
- Controlling Information Access
- Securing University Data Guidelines
- Best Practices for Personal Identifiable Information (PII)
4.3 Reviewing Existing Confidential Data
- Data Scanning Tools Best Practices/Guidelines
4.4 Maintaining Policies and Procedures to Eliminate unnecessary Confidential Data Stored
4.5 Eliminate Dependence on SSNs as Identifiers SSNs may need to be used for certain things, however we recommend that the University limits the use of SSNs to only necessary processes.