Some
of the information we access
on a daily basis is
sensitive and should be
handled appropriately.
Keep
sensitive info
secure
You first need to
know what information is
considered sensitive. In general
terms, this will be any
information that is not readily
available to the public, such as
employee identification numbers.
Non-public or
sensitive information should be
secured all all time. When in
printed form, it should be
physically secured when not
being used. In electronic form,
the data should be encrypted,
especially if the storage device
is not in a secure facility,
such as a laptop or other mobile
device.
You first need
to know what information is
considered sensitive. In general
terms, this will be any
information that is not readily
available to the public, such as
employee identification numbers.
Non-public or
sensitive information should be
secured all all time. When in
printed form, it should be
physically secured when not
being used. In electronic form,
the data should be encrypted,
especially if the storage device
is not in a secure facility,
such as a laptop or other mobile
device.
When sensitive
information is transferred from
one person or location to
another, it should be done
through a secure mechanism, such
as an encrypted filed sharing
system. DO NOT
attach a document with sensitive
information to a non-encrypted
or plain text email.
Archiving is
the long-term storage of
information. This storage may be
electronic or physical. Like
other storage, it should be
physically secure or be
encrypted. In addition to
security, archived items will
often include a specific
retention period.
When sensitive
information is no longer needed,
it can be destroyed. For paper
documents, this destruction
should be via a means that does
not allow the information to be
put back together, such as using
a cross-cut shredder. Documents
should be physically secured
pending description. Electronic
media should be erased and
overwritten so that the data is
not retrievable.
When sensitive
information is transferred from
one person or location to
another, it should be done
through a secure mechanism, such
as an encrypted filed sharing
system. DO NOT
attach a document with sensitive
information to a non-encrypted
or plain text email.
Archiving is the
long-term storage of
information. This storage may be
electronic or physical. Like
other storage, it should be
physically secure or be
encrypted. In addition to
security, archived items will
often include a specific
retention period.
When sensitive
information is no longer needed,
it can be destroyed. For paper
documents, this destruction
should be via a means that does
not allow the information to be
put back together, such as using
a cross-cut shredder. Documents
should be physically secured
pending description. Electronic
media should be erased and
overwritten so that the data is
not retrievable.
If
you are unsure of how to
handle sensitive
information, contact
your security personnel
for additional
guidance.