Hacked: UC Berkeley. Michigan State. University of Calgary. University of Maryland.
As Forbes and other news outlets have reported, those schools are just a few of the hundreds of higher education institutions who’ve lost to hackers sensitive data and records pertaining to current and former students, and employees. Not only did that data fall into wrong hands, but institutional reputations were damaged and financial costs for recovery were high. In some cases, individuals saw their credit ratings get ruined.
Only constant vigilance of their data by everyone at Fordham will lower the risks of University data getting stolen.
Such vigilance is necessary because data breaches occur in the education sector every single day. But theft of social security numbers, credit card information, student transcripts, sensitive documents, and other personally identifiable information becomes much more difficult when this data gets stored in a secure location, safe and out of reach from hackers.
You might be thinking, Is it okay to store my credit card info on a thumb drive? Can I leave last year’s performance review in OnBase? Where should I store my sensitive data? And how do I know what kind of data is considered sensitive? Does Fordham have any policies regarding sensitive data?
Good questions! Fordham IT has equally good answers and solutions. We must, because Fordham University takes seriously its commitment to protect the privacy of its students, alumni, faculty, and staff by protecting the confidentiality of their personally identifiable information.
Understanding Different Types of Data
To know where to store your data, you first need to classify the sensitivity level of your data. Use Fordham’s Data Classification Guidelines to determine that level, of which there are three: Protected Data, Sensitive Data, and Public Data. Fordham’s Data Classification Policy contains full details about how to handle all data created by the University’s employees, student workers, consultants and agents during the course of University business.
Fordham Protected Data Any data that contains personally identifiable information concerning any individual, or is regulated by local, state, or federal privacy regulations. This data fall under best practices concerning protection of personally identifiable information followed by Fordham. Examples of Protected Data:
- Social security number
- Student transcripts
- Student loan information
- Health status
- Credit card data
Fordham Sensitive Data Any data classified according to the internal standard operating procedures that create and/or maintain the data. Sensitive is Fordham’s default data classification and should be assumed when there is no information indicating the data should be classified as protected or public. Examples of Sensitive Data:
- Employee compensation
- Annual budget information
- Fordham University investment data
Unauthorized disclosure of protected or sensitive data may have adverse effects on Fordham University’s reputation, resources, services, or community members.
Fordham Public Data Any data that Fordham intends to make available to the general public. This data does not contain personally identifiable information. Examples of Public Data:
- Department faculty lists
- Fordham University web site
- Published research
- Campus map
Where to Store Your Data Now that you’ve determined what kind of data you have, you need to find the most appropriate place to store it. For data classified as protected or sensitive, storage needs to be secure. Public Data does not need to be stored securely.
To determine the most appropriate and secure storage solutions, consult the grid in our Data Classification Guidelines. Columns show different types of data. Rows contain applications, storage platforms, and services that can be used with the different types of data.
More Questions? If you have any questions regarding the storage, transporting, or sharing of data among colleagues, both within or outside the University, or how to securely dispose of Fordham Protected or Fordham Sensitive data you no longer need, or a question about our Data Classification Policy, please contact Fordham IT’s University Information Security Office at infosec@fordham.edu.
Thank you! When you take the time to determine the kind of data you have and where to store it, you’re being a responsible member of the Fordham community and you’re being a good digital citizen. You’re helping to prevent Fordham University from becoming another statistic in a long line of data breaches.
Information risk management isn’t someone else’s responsibility. It’s everyone’s responsibility, including yours.