We are all data stewards as we come in contact with personal and private data every day. We must treat personal information belonging to others in a manner that avoids unnecessary sharing, transferring, processing (using), and storing. Along those lines, if we must collect personal information, we should only capture the minimum necessary to fulfill a request or perform a job function. If we learn that the personal information of one or more individuals has been compromised, such as access by one or more unauthorized individuals, we must immediately report it by e-mailing or calling SIRT via firstname.lastname@example.org or 407-823-5117.
- Protect private and personal (restricted) data by locking it up when no longer in use.
- Avoid leaving restricted data where others can see, copy, or steal it. For example, if you receive a resume to review, do not leave it on your desk when you walk away, instead, place it in a locked drawer. Most resumes contain personal information and warrant protection. Similarly, if you have restricted or highly restricted digital data, be sure to securely store it.
- Use secure storage and transfer mechanisms, such as encryption, Microsoft OneDrive, Microsoft Teams, and other authorized solutions when sending confidential or personal information to others.
- Avoid entering sensitive, restricted, or highly restricted data into Large Language Models (LLMs) like Google Bard, ChatGPT, etc. Instead, sanitize content by removing personal and other confidential information that shouldn’t be shared publicly.
- Never leave your work materials, such as your assigned tablet, laptop, and other university equipment visible in your car when you’re away from it.
The above points represent a fraction of the due diligence needed to keep data safe. If you have any questions about the collection, handling, or storing of data, please email email@example.com.