Reduce security risks in materials we are keeping, in paper and digitally. We need to take particular care with confidential data that we might have (social security numbers, non-public directory information about students, University and personal financial information, etc.) to reduce the risk of identity theft, disruption of University operations, and damage to Penn’s reputation.
- Identify and Remove Sensitive Data and Unneeded Email/Files
- Take Penn’s Online Security Training
- Archive Files with ITS Offline
Identify & Remove Sensitive Data
Information Technology enables our faculty, staff and students to more efficiently and effectively teach, learn and research. However, the digital storage of IT files and online use of applications, databases and tools also creates risk.
One prominent area of risk is threats to confidential, personal or proprietary data that, if compromised, could cause significant harm to individuals or to Penn. Federal and state laws, industry practices, and principles of data stewardship have all driven home the fact that individuals who create, use, or maintain Confidential University Data are responsible for adequate protection of that data.
Therefore, we have created a Security and Privacy Impact Assessment (SPIA) survey to help Penn Law better understand the risks that may exist in our stored files, computer applications and databases. Once we identify our risks, we can move toward implementing safeguards to protect the data.
Identity Finder is a software tool you may use to search emails and files for data such as Social Security numbers, credit cards, and passwords. Please visit our Identity Finder guide for setup instructions and access to video and written documentation.
Identify & Remove Unneeded Email/Files
Please ask yourself two questions while examining our storage systems (both on paper and on our computers).
1.) If I won the lottery and never returned to work, would my successor understand my filing and directory systems and actually need the info I’m keeping there?
Clean Up Unneeded Email/Files
We have two help files to help you identify unneeded email and files. Many emails and files are saved and forgotten. Data that is no longer needed takes up valuable server storage space and backup disks, and may pose a security risk. Please review your email and your files on the M: and G: drives, and remove all the data that you no longer need.
Delete Old/Unused RSS Feeds
Outlook lets you connect RSS feeds from the Internet to automatically download articles and pages. If you’re not actively using these, you may be storing lots of extra information and slowing down your mailbox. Clean out old feeds using the steps below.
- Expand the RSS Feeds folder that appears alongside your email folders in Outlook.
- To unsubscribe and delete a feed, right-click a folder and choose Delete Folder.
- To stay subscribed and delete only the current messages, right-click a folder and choose Delete All.
2.) Is it necessary I keep this for business purposes?
The Best Way To Protect Data Is To Not Have It
Most people retain sensitive data longer than necessary. This is true for paper documents as well as computer files, e-mails and so on. And keeping unnecessary data creates unnecessary risks. The best way to protect data is to not have it. While much data at Penn is necessary to our everyday operations and to serving our mission, there is a lot of data in offices and computer systems that is no longer needed or required to be kept. This unnecessary data should be destroyed to protect the individuals whose data is in these files and to protect Penn.
Important Note: we must not shred or delete information that is an original and still within the records retention requirements. Nor should we destroy any information if there is an actual or likely claim, lawsuit, government investigation, subpoena, summons or other ongoing matter involving such records. When in doubt, retain the information and keep it secure.
Take University’s Online Security Training
Most people at Penn have already dealt personally and/or professionally with the challenge of keeping confidential information safe and secure. Staying abreast of privacy and security risks, and ways to counteract them, is difficult in today’s environment because of the multitude of warnings and rules that exist about handling information. Penn has developed an online training that focuses on many important privacy and security topics that its faculty and staff should know about. For your own personal benefit, as well as for the benefit of Penn’s valued community, we urge all faculty and staff at Penn to take this training. The training will help each of us to meet the expectations of the students, faculty, staff, alumni, patients, visitors and many others who trust in us to protect the privacy and security of their information. Taking this training requires approximately 20-25 minutes.
Archive Files with ITS Offline
ITS provides nearline storage for old or sensitive data that you need to maintain but do not need to access regularly. Because nearline storage is offline, it is more secure and uses less expensive storage disks. The data is accessible by request to ITS within two business days. Please contact ITS if you have data you’d like to move to nearline storage.
Email ITS: firstname.lastname@example.org
Review Penn Security Policies
We have gathered together an Overview of Penn’s Security & Privacy policies. Please take a look and keep up to date on these resources.