Digital Cleanup Program
This program is a 3-day annual effort to identify and remove sensitive data or data that is no longer necessary.
This year’s program will be a self guided Canvas course. Staff members can access here. An outline of the program is below.
- Identify sensitive or confidential data
- Remove, redact, or report sensitive or confidential data
- Remove unnecessary old and large files from network drives
- Review Junk Email folders and Email Archive policies
Day 1: Identify Sensitive Data
Identity Finder is software that can find — and, after review, delete — sensitive personal information, such as Social Security numbers and credit card information, that is stored on a personal computer/file share.
Day 2: Remove Sensitive Data
After searching for sensitive data with Identity Finder, the data will need to be reviewed to determine whether the file can be deleted, redacted, or reported.
Day 3: Remove Unnecessary Files & Review Email Policies
Remove Unneeded Files
Many emails and files are saved and forgotten. Data that is no longer needed takes up valuable server storage space, backup disks, and may pose a security risk.
Review Junk Email and Automatic Archive Policies
In Outlook 2010 and newer, Microsoft automatically archives messages that are older than 2 years. Archived messages are still searchable and easily accessible as long as you are connected to the Internet. Now is also a good time to review your Junk Email folder. Though there is a general spam filter in place for email, Outlook will also mark certain messages as “Junk” and move it to your “Junk Email” folder.
Why is this important?
One prominent area of risk is threats to confidential, personal or proprietary data that could cause significant harm to individuals or to Penn if compromised. Federal and state laws, industry practices, and principles of data stewardship have all driven home the fact that individuals who create, use, or maintain Confidential University Data are responsible for adequate protection of that data.
Please ask yourself two questions while examining our storage systems (both in paper, and on our computers).
1.) If I won the lottery and never returned to work, would my successor understand my filing and directories systems and actually need the info I’m keeping there?
2.) Is it necessary I keep this for business purposes?
The Best Way To Protect Data Is To Not Have It
While much data at Penn is necessary to our every day operations and to serving our mission, there is a lot of data in offices and computer systems that is no longer needed nor required to be kept. This unnecessary data should be destroyed to protect the individuals whose data is in these files and to protect Penn.
Review Penn Policies
We have gathered together an Overview of Penn’s Security & Privacy Policies. Please take a look and keep up to date on these resources, but here are some policies relevant to the cleanup program: