Overview

Protecting sensitive data and personally identifiable information (PII) is just as important as protecting buildings and devices.  Compromised data puts a person's identity at risk.  UWF employees have a responsibility to protect the data of all UWF students; this includes prospective, current, and former UWF students.

Examples of personally identifiable information

  • Addresses, email addresses, and phone numbers
  • Race, ethnicity, and gender data
  • Driver's license and Social Security numbers (in full or in part)
  • Student grades, scores, and schedules
  • Date of birth
  • City of birth
  • Passwords and credentials
  • Medical, counseling, and health insurance information
  • Biometric data (e.g. fingerprints, voice, or typing rhythm)

Examples of other sensitive data

Some personal information is considered particularly sensitive under the law.

  • Social Security numbers
  • Student records
  • Tax return information
  • Bank account numbers and account balances
  • Credit and debit card information
  • Login credentials
  • Precise geolocation data (latitude and longitude)

Tips to protect personally identifiable information and other sensitive data

Do your best to avoid printing this data on paper

When you do have to print this data, be sure it's kept in a secure, locked location.  Also be sure to shred and discard the printouts once they are no longer needed.

Be cognizant of the location of this data

Don't leave information where anyone can view it.

Do you best to avoid storing this data on your devices

When you do have to save this data to your devices, be sure to keep your devices locked when not in use.  Also be sure to securely delete your data when it is no longer needed.

UWF employees can also use Spirion to scan their UWF-owned machines for PII and other sensitive data and delete it.  UWF employees can also use this program to permanently delete this data when they no longer need it.  UWF employees should visit Using Spirion and Remediating Data for additional details.

Encrypt your devices, if they store this data

If your device is ever lost or stolen, the cost of the device isn't the only cost to consider.  If someone is able to unlock the device, and the device contains PII and other sensitive data, then the cost of the breach has just increased exponentially.  According to IBM's 2016 Cost of a Data Breach Report, the average size of a data breach is 23,834 records, and the average total cost of a data breach is $4 million.  This means the affected entity paid an average of $167 for each compromised record in the data breach.

To help protect devices from being compromised after they've been lost or stolen, they should be encrypted, especially if they store PII and other sensitive data.  Even though a locked device will prevent novices from getting to the data stored on the device, more experienced hackers have other ways of getting the data from the device.  But if the device were encrypted – meaning that all the data on the device is unreadable without your password – then hackers would need your password to retrieve data from the device.

UWF employees should visit Endpoint Workstation Minimum Standard* and contact their LSPs if they want or need their devices encrypted. For UWF employees who don't know who their LSPs are, they should contact the ITS Help Desk (helpdesk@uwf.edu; 850.474.2075).

Where possible, use a private office when discussing private or sensitive information

This way, eavesdroppers are less likely to hear what's being discussed.