Posted by David Rusting, Chief Information Security Officer, UCOP. We are surrounded by data, all the time. Whether in our professional or personal lives, we use all types of data every day to help make our lives easier and to help UC succeed. This very proliferation of data, though, has greatly increased the risk of unauthorized access to it, particularly when it is stored in ad hoc tools such as spreadsheets, local databases, and mobile devices.
The risk is amplified when we’re talking about “restricted data,” which requires a higher, and in some cases, the highest level of protection available to protect it from unauthorized use or disclosure. Restricted data takes many forms. Examples include Social Security numbers, medical records, and student records. Its scope continually evolves as new regulations emerge.
Here are some things you can do to help protect restricted data and protect UC:
- Ensure access to restricted data is authorized only for individuals who require it for assigned duties
- Ensure training for all individuals handling restricted data
- Avoid collecting or storing restricted data, unless it is absolutely necessary
- Delete restricted data when the business need to retain it no longer exists
- “Mask” or de-identify restricted data when developing applications or for training systems
- Encrypt restricted data in transit (when sending it) and when at rest (storing it)
- Talk with your Information Security Officer about ways to reduce the risk to any restricted data you handle