What are the best practices for data security and privacy at Carthage?
Best Practices for Data Privacy and Security at Carthage College
Protecting Data from Unauthorized Access
Questions to answer:
-
What data should be protected from unauthorized access? and why?
-
How can I protect my data, the data of others, and the College’s data from unauthorized access?
-
What are the primary ways that data can be exposed, and how can I help prevent that?
-
What laws and policies exist that regulate data access?
-
What is your obligation as a Carthage employee related to data privacy?
-
What are any possible consequences of data security breaches?
The law and data privacy:
-
Wisconsin Act 138 concerns data privacy as related to potential for identity theft. See https://docs.legis.wisconsin.gov/2005/related/acts/138
-
FERPA is the Family Education Rights and Privacy Act
-
HIPAA relates to health information, especially medical records
-
Copyright Law relates to intellectual property
What everyone should know:
-
Users shouldn’t store sensitive information locally on computers that could be stolen
-
Users should protect access to both computers and systems with good password practices
-
Some internet-based storage and transmission methods are safer than others; learn the difference
TOP 10 SECURITY TIPS:
-
Don’t store data locally for others that would allow for identity theft (Act 138)
-
Don’t let your computer store passwords to any sensitive systems
-
Don’t use the same passwords for work and personal accounts and resources
-
Don’t use unsupported tools with your Carthage credentials (e.g. password storing sites, recreational sites, etc.)
-
ALWAYS check the validity of any request to login or provide your password
-
E-mail is inherently non-secure. Email communications go over the internet in plain text. Never provide sensitive data via email.
-
Make sure, when logging in anywhere, that the site address begins with https:// to know that the communication is encrypted.
-
If you ever believe that your account security has been compromised, change your password IMMEDIATELY for any and all accounts with that same password.
-
Physically secure your computer to protect it from theft
-
Don’t download or install additional software onto your work computer or any computer that has access to systems or data that should be kept confidential.