| One Step Ahead: Privacy and Security Tips |
|
October 10, 2006, Volume 53, No. 7
|
|
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
The Best Way to Protect Data is Not to Have It
While much data at Penn is absolutely necessary to our everyday operations and mission, most people retain sensitive data longer than they need to. This is true for paper documents as well as computer files, e-mails, and so on. And keeping unnecessary data creates unnecessary risks both to the individuals whose data is kept and to Penn. The best way to protect data is to simply not have it.
Paper Files. Review your paper files containing confidential data and shred them when allowed (see below). To arrange for shredding, contact the University Records Center at (215) 898-9432. You can have any number of shredding bins placed and picked up based on your office’s needs.
Electronic Files. To securely destroy electronic files that are appropriate for destruction, contact your LSP for options. For example, individual files can be securely destroyed using the PGP Shred function. See www.upenn.edu/computing/provider/recycle.html for more information.
Records Cleanup Day. Spread good practices by hosting your own Records Cleanup Day. For information and tools to help, see www.upenn.edu/privacy.
(Note that we must not shred or delete information that is an original and still within the University’s records retention requirements. Nor should we destroy any information if there is an actual or likely claim, lawsuit, government investigation, subpoena, summons or other ongoing matter involving such records. When in doubt, retain the information and keep it secure.)
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.
|
