A: It would be considered safer to some extent. The risk eliminated by moving a file with sensitive data from your local machine to the shares server is a physical one. The shares server is more physically secure than your local machine. However, if your Windows password is compromised, the data on your share is compromised and would be considered a breach requiring notification of anyone whose SSN is on your share. Your goal should be to eliminate storage of any sensitive data anywhere in your control.
A: Email is not stored on your computer - it is stored on a server at ITS. The same concept applies as with network shares - if your password is compromised then, potentially those SSN's have been compromised. Effectively this means emails containing SSN's should be deleted. At this time, we don't have a solution to detect SSN's in email. It could be considered a lower priority than cleaning up your computer, network shares, and bogie download directory but it should still be done. Your goal should be to eliminate storage of any sensitive data anywhere in your control.
A: Whole disk encryption is intended to protect access to files on your computer in the event the computer is stolen. It will not protect access to files in the event that a password is compromised.
A: You are not authorized to store Social Security Numbers in any way (hard drive, shared drive, email, spreadsheet, Word document, web page) unless you have been granted an exemption.
Key points to remember:
- If you don't need it, delete it.
- If you need it but can use the NUID as the identifier, contact Andrea Childress to get the file converted to NUID and remove SSN from the file.
- If you need to keep SSN's to perform your job, you need to submit the SSN Elimination Exemption Form THIS IS MANDATORY ANNUAL REQUIREMENT.
Office of Information Technology Services, 114 Otto Olsen Bldg, (308) 865-8950
ITS HOME | POLICIES | ABOUT ITS