Penn State University | Information Privacy and Security

home | phase ii | best practices
Best Practices

Identify and inventory sensitive information by using Proventsure's Governance and Compliance scanning software.

Remove immediately any sensitive information discovered from the scan.

Dispose of sensitive data after it is no longer needed (whether in paper or electronic format).

Secure sensitive data in an encrypted format and store on a file server if there is an approved business need to store the data.

Never store sensitive data on a laptop, mobile device or personally owned machine.

Create internal policies - examples:

Require re-authentication after 15 minutes of idle time.

Enforce a strong password (combination of uppercase, lowercase, symbol and/or number) every 90 days.

Prohibit the storage or transfer of sensitive information on USB/thumb drives or other removable media.

Prohibit the storage or use of sensitive information on home machines.

Keep paper trails containing sensitive information in a locked cabinet with limited access at all times.

Teach faculty and staff how to handle sensitive information to limit potential risk.

Immediately report the mis-use or loss of sensitive information to the IPAS group (ipas@psu.edu or 814-867-1340).

Restrict access to sensitive data to only those who have a business need to know.


...home PHASE II Scanning FAQs Fact Sheet Best Practices Supporting Tools General FAQs PSU Policies Links of Interest Educational Offerings	home \| phase ii \| best practices Best Practices Identify and inventory sensitive information by using Proventsure's Governance and Compliance scanning software. Remove immediately any sensitive information discovered from the scan. Dispose of sensitive data after it is no longer needed (whether in paper or electronic format). Secure sensitive data in an encrypted format and store on a file server if there is an approved business need to store the data. Never store sensitive data on a laptop, mobile device or personally owned machine. Create internal policies - examples: Require re-authentication after 15 minutes of idle time. Enforce a strong password (combination of uppercase, lowercase, symbol and/or number) every 90 days. Prohibit the storage or transfer of sensitive information on USB/thumb drives or other removable media. Prohibit the storage or use of sensitive information on home machines. Keep paper trails containing sensitive information in a locked cabinet with limited access at all times. Teach faculty and staff how to handle sensitive information to limit potential risk. Immediately report the mis-use or loss of sensitive information to the IPAS group (ipas@psu.edu or 814-867-1340). Restrict access to sensitive data to only those who have a business need to know.
Privacy and Legal Statements \| Copyright 2007 The Pennsylvania State University \| Contact Us