Securing Private Data
What's New
Do not save files with private data to removable media like CDs or USB flash drives
No encryption tools are available that are fool-proof enough to effectively protect private data on removable media. Better alternatives are available.
Users will be prompted to re-enter a password after 15 or 30 minutes of inactivity
Encryption and other settings only protect a computer that is turned off or logged out; a user’s documents are at risk anytime the user is logged in. A screen saver password goes a long way in protecting private data when computers are unattended. Only those with a desktop computer, a private office, and no admin rights get the longer window.
All laptops must be secured in a locked drawer or with a cable lock when unattended
Stolen laptops are the most common cause of private data exposure and the resulting notifications to students. Taking action to prevent theft is one of the best steps a user can take to protect private data and avoid the many hassles associated with a computer theft.
Users with full administrator-level privileges on their computer need a password of 15 characters or longer
No other setting in Windows reduces the level of security like running with administrator-level privileges. Except as a matter of convenience, this level of access is rarely a necessity to handle the most common office-related tasks. Anyone requiring these privileges (such as a regional technician) needs to compensate for the lack of security with stronger passwords.
Laptop computers will be encrypted
The only effective way to prevent the breach of private data when a computer is stolen is to encrypt the local storage. While encrypting data can make the data more difficult to recover in the case of a hard drive failure, CLA-OIT regional techs will also be configuring and/or confirming backup tools to protect the user’s data. It should be noted that without an effective backup process, a user’s data is always at risk of catastrophic loss, regardless of encryption.
User documents scanned for highly sensitive identification numbers
At the discretion of the user (i.e. “opt-in”), a tool can be run that scans a user’s documents for the likely existence of social security numbers and credit card numbers. CLA-OIT staff will not open, read, or view a user’s documents but will instead share the search tool findings (e.g. list of file names) with the user. The user will be responsible for determining if highly sensitive data is indeed stored in the identified files and working with the technician to see that they are properly protected or removed.
Departments must provide alternative support for non-CLA-OIT supported computers
All computers require professional tech support. In the past, we operated under “don’t ask/don’t tell” and let departments do what they wanted with computers older than 3 years. For justifiable and specifically documented reasons (does not include “no money”), CLA-OIT can offer continued support. Otherwise, in order to retain older computers, the department is expected to hire well-qualified and well-supervised IT support staff or contract with other University tech support organizations. Such alternatives must follow and be able to implement the CLA-OIT Securing Private Data Implementation Plan or an approved alternative.
All data and software will be removed from retired computers before they can be purchased by former users for personal use
We manage the computer from the day we receive it from the vendor to the day it leaves our control. University software and university-related data are not to be stored on non-University computers.
Shared databases must have a plan
A template is being formed to identify and track who has access to the data stored in every shared database (e.g. Access, FileMaker, web-based systems, etc.). We will need help from the users to identify shared databases.
Reminders
Buy all computers through CLA-OIT
- CLA-OIT will install and configure the necessary security software
- computers purchased by CLA-OIT are properly tagged and entered into our inventory database by the vendor
- CLA-OIT establishes standard and enhanced computer configurations that are both cost-effective and customized to the needs of the college; CLA-OIT can also configure special packages customized to the needs of the user or project
Do not save/download documents with private data to home computers
As the university is obligated by law to protect private data from exposure and as it is not possible to ensure home computers meet university security standards, users are not permitted to save such files on non-university computers.
Do not use e-mail to send files with private data
Normal use of e-mail often saves copies of messages and attachments on every computer from which mail is checked. Webmail is better, but not perfect. Use alternatives such as the Shared drive or NetFiles instead.
Do not share passwords with co-workers, assistants, or family
On campus, your password is often used as your signature. The more people who know your password, the more likely it is to get into the wrong hands. There are alternative practices to make this easier.
Need Help Now?
CLA-OIT Helpdesk
Contact us directly:
Phone: 4-HELP (612-624-4357)
E-mail: help@cla.umn.edu
