Penn employees frequently handle personal and sensitive University data. It is vital to know how to properly safeguard the data you handle and oversee as a Penn employee.
If you work with research data or with financial, health or student information and systems, then you come in contact with sensitive University information that should be handled and stored with extra layers of security. Depending on your job function and role, you may also be required to adhere to government and Penn policies and regulations that protect the type of data you handle.
Examples of personal or sensitive University data include Social Security numbers, driver’s license or state ID numbers, credit card numbers, biometric information (e.g., fingerprints, eye color), health records or student grades and records. Intentional or unintentional exposure of this data may result in serious legal, financial, and reputational consequences to Penn.
Here are some simple yet important steps you can take to strengthen your protection of sensitive data:
- Enroll in Two-Step Verification to add an additional layer of security when accessing systems and applications with sensitive data.
- Configure computers and devices that handle sensitive University data to require a password or access code whenever they are powered up, restarted or left unattended.
- When sensitive data exists in paper form, always keep it in locked cabinets.
- Ask your Local Support Provider (LSP) for a secure system to store sensitive digital data, including digital resources you might oversee as a manager or researcher.
If you suspect that unauthorized access to a computer or device containing sensitive University data has occurred, immediately disconnect the device from the network and contact your LSP before taking any further action.