Information Technology

Storage and Handling of Confidential and Regulated Data

 

Data Handling Principles

Information plays an extraordinary role in the College's educational, research, operational, and community outreach missions.  Every department, faculty, student, and staff member may have some degree of access to regulated, sensitive or confidential information.  As such, each person and office is expected to follow these principles for handling confidential data:

  • Be conscious and selective of the data you are collecting and retrieving.  When pulling reports from data sources, select only the data that is needed; do not select everything.
      
  • Keep the number of files that you store that contain sensitive data to a minimum. Try not to store copies of data that can easily be retrieved from a database or other mechanisms.  
     
  • Safeguard information that is in your control.  Because of the risk of loss or theft, sensitive data should not be stored on laptops, flash drives, or mobile devices unless properly encrypted.
     
  • Collect the least amount of data necessary and store it for the least amount of time necessary.  Properly delete digital files by emptying the recycle bin on your computer and the Deleted Items folder in your mail client.  Paper records should be shredded or deposited in a confidential paper repository.
     
  • Be specific when applying permissions on files, folders and SharePoint sites. Grant access only to those individuals who need access.
     
  • Avoid using email to transfer and collect sensitive or confidential data.  Store reports, documents and spreadsheets on file shares or SharePoint sites and grant access via permissions.
     
  • Do not redistribute confidential documents or information to those who are not authorized to view them.

 

Special Data Types

State and Federal laws mandate that confidential data be handled properly to prevent accidental disclosure.  This means that certain types of information (such as SSN, Driver License or Bank Account/Credit Card numbers) should never be stored on computers or sent over email.  

Other types of data may not be explicitly covered by law, but if the information were accidentally disclosed, it would be detrimental to the reputation of the College or to the well-being of the individual or community.

Review the charts below for the required handling procedures for a given data type. 

  • Government Issued Identification Numbers (PDF)
  • Credit Card Data (PDF)
  • State of Colorado - Personally Identifiable Information (PDF)
  • Personal Health Information (PDF)
  • FERPA - Personally Identifiable Information (PDF)
  • Personally Identifiable Demographic Data (PDF)
  • Confidential College Business (PDF)
  • Human Subjects Research Data (PDF)
  • FERPA - Educational Records (PDF)

 

Retention and Disposal of Data

It is important to follow the proper procedures when retaining or disposing of data is required.  Policies concerning retention and disposal of College data are kept by the Center for Southwest Studies Archive Library.