Data Retention – Should I save this on my desktop?
October 21, 2008 | By Damon Armour, IT Security Officer
Augusta State University recently underwent an information technology audit by the University System of Georgia. The scope of the audit was discussed in an article that appeared in the October ASU Report. One area focused on information handling, specifically the type of information we use and store on our local systems. ASU faculty and staff should continually ask themselves, "Is the information that is saved on our desktops or elsewhere on our computers secured properly?"
Not all information needs to be stored in a secure fashion. A directory of office phone numbers, an organizational chart of a department, and university handbooks are examples of information that are not sensitive in nature. However, a spreadsheet of student social security numbers, addresses, or other contact details is sensitive. A good litmus test to use for determining the sensitivity of information is to ask yourself, "Would I want this information, if it were about me, to be publicly available?" Items such as social security numbers or credit card numbers are understood to be sensitive. However, items such as a person's home address and home phone number might not be as clear. If you are uncertain, it is always best to act conservatively and treat the information as sensitive until clarification is given.
ITS staff will be meeting in the future with key data shareholders on campus to assist in documenting policies and procedures on the handling of information. This will provide guidance on how to handle the information that faculty and staff work with each day and how to treat it as well as provide a forum for questions and answers and the dissemination of policies and procedures.
So if an individual is storing sensitive information on a computer, what should be done? There are multiple options, and each can be weighed against the business need for storing the information. In some cases, a report may be built within one of our enterprise systems, such as Banner or PeopleSoft, to fit the need for the reporting requirements. The information can then be queried from those systems at any time, eliminating the need for storing the reports on a computer. There might still be cases where there is a need to store sensitive information on the computer itself; in those cases, ITS can assist in securing those files in an encrypted folder that still provides quick and easy access.
Review the information that is stored on your individual computer. Do not keep information that no longer has value or use; good housekeeping goes a long way toward keeping sensitive data safe. If there are questions about information stored on a computer or its sensitivity, contact the ITS Help Desk at 706-737-1482 for assistance. Staff will assist faculty, staff, and students over the phone or can schedule a time for a site visit.
