The news is filled with data breaches on a weekly basis, and that law or the institution did not require the data stolen to be retained due to the data retention requirements. We can all reduce the impact in the event of a data breach by reducing unnecessary data. Some sensitive data, such as Personally Identifiable Information (PII), could cause significant harm to an individual or to Florida A&M University.
Examples of sensitive data may include, but are not limited to:
- Social Security Numbers
- Credit Card Numbers
- Bank Account Information
- Disciplinary Information
- Employee Performance Information
- Patient Health Information
- Information Florida A&M University has promised to keep confidential
- Account passwords or encryption keys used to protect acces to confindential university data.
- Proprietary data, information, or intellectual property, in which the university has an exclusive legal interest or ownership right that, if compromised, could cause significant harm to Florida A&M University. Examples may include, but are not limited to:
- Business planning
- Financial information
- Copyrighted material
- Software or comparable material from a third party where the university has agreed to keep such material confidential.
Inappropriate handling of this data could result in criminal or civil penalties, identity theft, personal financial loss, invasion of privacy, and/or unauthorized access to this type of information by an individual or many individuals.
Before securely deleting data please contact the Department of Business Services to discover what retention laws may apply to the data you are deleting.
Remove Personal Identifiable Information
We recommend the use of Identity Finder monthly to remove social security numbers, credit card numbers and any other personal identifiable information that you may not be aware of on your work device.
Do not just throw or tear paper and place it in the recycle bin. Use a paper shredder.
Disposing of Computers-To ensure compliance with federal and state statutes associated with confidential information, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Family Educational Rights and Privacy Act (FERPA) and University software licensing agreements, the USM IT Security guidelines requires the removal of all data on computers or electronic storage devices prior to the equipment being disposed of. For more information, please visit the following websites:
Dispose of Printers and Copy Machines
Most people take precautions to wipe data off their computers' hard drives before getting rid of them, but take note: most copy machines store a digital image of every document scanned or copied. Fortunately, most manufacturers provide exact instructions on how to clear this data, so check your machine's manual before you get rid of it. Or, if your copy machine is leased, contact the vender to find out how to securely erase the data. Further, ask for verification when the lease is up that the drives have been securely erased, and keep the verification forms for 3 years.