Sensitive Data
Electronic Handling, Storage and Disposal
- Do not transmit confidential information via any wireless technology, e-mail, or the Internet unless the connection is secure, or the information is encrypted.
- Do not store unencrypted confidential information on a PDA, a laptop or desktop computer's hard drive, USB drive, CD, flash memory card, floppy drive, or other storage media.
- All confidential information on mobile (or otherwise physically insecure) systems must be encrypted (see the NIST Cryptographic Module Validation Program for information on approved encryption programs). In addition, all encryption keys should be escrowed.
- Do not store confidential information obtained from LSU systems on media or other systems unless required by the University or by law.
- Dispose of media (such as disks, tapes, hard drives) that contain confidential information in a manner that protects the confidentiality of the information.
Physical Handling, Storage and Disposal
- Do not take confidential information off-campus unless encrypted.
- Shred confidential information when it is no longer needed. Do not discard confidential information in the trash.
- Do not publicly display confidential information, or leave confidential information unattended, even on your desk, or on the desk of a co-worker.
Security
- Lock your computer when unattended.
- Lock offices, desks, and files that contain confidential information when unattended.
- Eliminate the use of forms that ask for confidential information whenever possible.
- At a minimum, password-protect all confidential information, and accounts with access to confidential information.
- Do not share passwords, and do not document passwords.
- The Gramm-Leach-Bliley Act (GLBA), FERPA, and HIPAA laws should be followed when dealing with confidential or private information.
Legal Disclosure Requirements
- Do not share confidential documents or information with anyone unless required by government regulations, specific LSU job responsibilities, or business requirements. Be prepared to say “no” when asked to provide that type of information.
- Do not communicate confidential information to others unless you know they are approved to handle confidential information.
- Notify Information Technology Services (ITS) and the data steward if you suspect confidential information may have been compromised.
For information on how to find sensitive data, see our GROK article.
This page was last updated Wednesday, May 13, 2009
