This page is a list of policies and resources on security and privacy at Penn. Included below is information on computing risks and responsibilities for Penn Law faculty and staff.
On this page
- General Information about Security & Privacy at Penn
- Confidential Data & Student Records
- Working with Penn Data
- Computing Responsibilities
- Best Practices
- Penn Policies
General Information about Security & Privacy at Penn
Here are the main security and privacy links for Penn. We recommend you read these sites to learn more about computing safety and security.
- Privacy Website
- Penn Information Security Website
- Privacy in the Electronic Environment
- Online Security and Privacy Training
- Disposition of Documents and Data of Faculty/Staff Leaving Penn
- Penn Data Risk Classification
Reporting Computer or Offline Security Incidents: Under Penn’s Incident Response Policy, faculty, staff, and students using Penn systems are required to report any suspected or confirmed computer security incident. Please contact email@example.com or (215) 898-9140 to report an incident.
Confidential Data & Student Records
Please visit our Student Data & FERPA page for more information.
Working with Penn Data
Staff and Faculty who connect to Penn Law servers or access data have special responsibilities.
Please make sure you follow the follow best practices for secure computing including:
- Don’t use email to send sensitive data.
- Use OneDrive, SharePoint and Penn+Box to store data. Only sync when needed.
- Use SecureShare to share highly sensitive data with Penn colleagues.
- Keep only information you need - digital cleanup.
- Report your system if lost or stolen: both mobiles and Windows computers allow remote data deletion.
- All mobile devices (including laptops) need to be encrypted.
- Use strong, complex passwords and store using LastPass.
- Use multifactor authentication when possible: PennKey, LawKey, or non-Penn systems.
- Use a device PIN or password-protected screensaver.
- Keep antivirus up to date: (for personal devices install Symantec)
- Don’t save passwords.
- Logoff of password protected websites when done.
- Don’t use untrusted computers (public kiosks/Internet cafes) or free wireless access points to access sensitive data or Penn systems. Change your password if you have used an untrusted computer or Wi-Fi.
- Cybersecurity Awareness Video: ITS presentation on best practices to avoid phishing scams, PennKey two-step verification, and LastPass password management.
- Top 10 Security Tips for Smartphones & Tablets
- Best Practices for Foreign Travel
- Facebook Guidelines from Penn Privacy
- Desktop Security 101
Reputation Management resources:
- Penn Libraries guide
- See if your passwords have been hacked
- How to opt-out of various services
- Me and My Shadow
- Social media action plans: