It is extremely important to take steps to prevent theft or misuse of your professional or personal information. In this digital age, everyone is under constant attack by hackers or identity thieves even if you don't realize it.
Users
Trinity faculty, staff, and students
Getting Started
Here are some basic steps you can take to help maintain the security and integrity of protected consumer information:
- Only those employees and contractors who require access to consumer information should be given access.
- Rooms and file cabinets that contain sensitive information should be locked or otherwise secured.
- Documents that contain sensitive information should not be left where they can be easily compromised, such as in meeting rooms or in other open areas. Managers and other employees should be alert for documents that are left in inappropriate places.
- Computers that contain or have the ability to access sensitive information should be password-protected and either turned off when not in use or should have a password-protected screensaver enabled; and
- Request for information about customers from outside parties should be referred to an appropriate contact person within the organization.
Network & Information System Integrity
You must also assess and minimize the risks of customer information compromise with respect to information technology systems, including, but not limited to, paper files, your computers and servers, internet access, and back-up files. Obviously, each organization handles customer information differently. Therefore, in this area of the Safeguard Program, you should critically review how your organization collects, accesses, processes, stores, distributes, backs-up, transmits, and destroys the protected information, and customize your Program accordingly.
At a minimum each organization should take the following steps:
- Store records in a secure area:
- Hard copies, such as paper documents, should be stored in controlled-access areas, such as locked rooms and locked file cabinets;
- Electronic data should be stored on secure servers that also have limited access. Unless absolutely necessary, private customer information should not be stored on servers that also provide internet access or can be accessed remotely.
- Access to sensitive information should be monitored and recorded, e.g., a record should be kept of who views electronic data when, and hard copies should have to be "signed out" of a central repository; and
- Back-ups should be made regularly and stored in a separate facility, preferably in a completely separate physical location.
- Provide for secure data transmission when collecting or transmitting customer or other protected information
- Secure connections, passwords, and encryption should be used whenever data is transmitted electronically.
- Customers submitting information to the organization should be reminded to take all necessary precautions. Secure transmissions from the customer to the organization should be automatic if possible; and
- If it is necessary to fax or mail information, appropriate precautions should also be taken, such as providing secure or private fax machines, use or private couriers and the regular use of confirmations.
- Dispose of customer information in a secure manner:
- Hire, designate or outsource a records retention manager/specialist to supervise the disposal of information.
- Shred or recycle sensitive documents.
- Completely erase all data when disposing of computers, diskettes, tapes and hard drives that might contain sensitive information.
- When necessary, properly and effectively destroy all computer hardware used to store or access customer information; and
- Regularly and properly purge customer files of outdated customer information.
- At a minimum each organization should take the following steps: Use adequate oversight and audit procedures to detect the misappropriation or loss of protected information. Each customer list or file should contain a code or identifier so that contacts, access, or changes can be monitored and controlled.
- Maintain a close physical inventory of all computer hardware.