Summary
This article provides information on handling University data with care.
Content
You are the first and best line of defense in protecting University data. Unintentional, accidental, or malicious release of personally identifiable information or other protected information can expose the University to regulatory or legal action, reputational damage, financial consequences, as well as negatively affecting the privacy of University community members.
There are specific data handling requirements for the different types of regulated data and information about your responsibilities for handling and use of regulated data is available from your manager or department.
The following guidelines are provided to ensure secure handling of all other data.
Know What You Have and Only Keep What You Need
- Only collect and retain information for which you have a legitimate business need.
- Understand the classification of the data you are using, storing, or interacting with (see USNH Information Classification Policy)
- If you have questions about the classification of any data, contact the appropriate data steward or USNH Enterprise Cybersecurity for assistance.
- Backup mission critical information to appropriate secure storage and test recovery.
- Use the Data Scanning Service provided by USNH Enterprise Cybersecurity to ensure you are not retaining restricted information on your device.
- Ensure that only authorized persons can access the information for which you are responsible.
Store and Process University Information Appropriately
- University information should only be stored on institutionally-owned devices and in approved University applications.
- Information classified as Restricted:
- Must be stored according to the current standards published by USNH ET&S. If you have questions about where restricted information can be stored, contact USNH Enterprise Cybersecurity.
- Must not be copied to portable media such as external hard drives, CDs, and removable flash drives.
- Must only be accessed, stored, or otherwise managed on an institutionally-owned device that is encrypted using the current USNH Enterprise Cybersecurity encryption solution.
- Lock printed and other non-electronic forms or documents that contain protected information in secure locations.
- Limit access to stored records to authorized persons. For example, if others have access to your work space or desk during or after work hours, lock up printed material that is not under your direct control.
- Information classified as sensitive, protected, or restricted cannot be stored in or processed by external application or systems without permission from USNH Enterprise Cybersecurity or the appropriate data steward(s).
Dispose of University Information Appropriately
- All institutionally-owned devices must be decommissioned via the SEED program to ensure all institutional data is securely destroyed before the equipment is recycled.
- Institutional information in printed form must be shredded.
Further Readings
USNH Enterprise Cybersecurity
USNH Information Classification Policy
Data Scanning Service
USNH Enterprise Cybersecurity encryption solution
Need additional help?
For more information regarding questions about secure handling of data, contact USNH Enterprise Cybersecurity.
Visit the Technology Help Desk Support page to locate your local campus contact information or to submit an online technology support request. For password issues you must call or visit the Help Desk in person.