Practice responsible data stewardship by following these key principles.
1. Review University Policy AD71, Data Categorization and University Guideline ADG07, Data Categorization Examples. Understanding these policies will help you learn how to categorize and safeguard data that is entrusted in our care.
2. Securely Store Data Only store data on permissible storage locations. Avoid storing data in unauthorized applications or cloud services unless the University has a contract/agreement in place. Note we are in the process of developing a searchable database that identifies the permissible storage locations according to the data category.
Be mindful when traveling with devices that have data. Report a lost or stolen electronic device to your IT staff immediately. They may be able to wipe the device remotely. Encrypt electronic devices such as laptops, USB drives, smart phones, tablets, etc. Talk to your IT contact if you want to learn more!
3. Follow Retention Guidelines Only store data for the time period as outlined on the General Retention Schedule as outlined in University Policy AD35. To quickly find a retention timeline for a data type, review the information on the data profile page. Talk to your Records Management Liaison to learn more! If you are unsure who your liaison is, please contact: Robyn Dyke (firstname.lastname@example.org).
4. Apply Proper Safeguards
- Practice least privilege. Only allow access to those who have a business need for the data.
- Follow a clean desk policy. Lock paper documents that contain sensitive information in a cabinet or other secure area and avoid using personal identifiers to label folders.
- When sharing data, only do so using a secure mechanism. Talk to your IT staff about the best option according to the data category in question.
- Complete the necessary training programs for legislatively controlled data as well as other data that requires specific training.
- Utilize Identity Finder to identify where certain Personally Identifiable Information (PII) is on your machine and to determine the best location to store the data. If you are not aware of the Identity Finder tool, talk to your local IT staff to learn more.
Already following these principles? Be recognized for your efforts! Add a section to your staff review that you are a responsible data steward and that you are following these key principles.