How Vulnerable Is Your Data?

When we think of data privacy, the first thought is likely about how we as individuals are vulnerable to having our information land in the hands of someone that should not have access to it. All too frequently we hear of high-profile data breaches that have occurred everywhere from federal and state agencies to retailers, health care providers, and in our own backyard here at UF.

A previous article mentioned that information is the currency of the digital age. Organizations that collect and store information about have have both a moral and legal responsibility to protect certain types of information and keep it private.

UF has the same obligation to protect data from many different perspectives: financial data, social security numbers, credit card numbers, student records, health records, just to list a few. Our responsibility as faculty and staff are governed by law and by internal policy. Two of the laws are the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA), and we can be held liable for unauthorized disclosures of private data. This can lead to fines, but in severe cases that involve willful negligence could lead to criminal prosecution.

What can you do to help prevent unintentional disclosure of private data?

First, you can educate yourself and be certain that you understand what kind of data is considered private. You should review UF policies periodically to see if anything has changed. Training for FERPA, HIPAA, and other information security topics can be found in the myUFL website under Main Menu:My Self Service:Training and Development:myTraining. Anyone that has access to student records should take the online course PRV802 (FERPA Basics) and everyone should take the online course PRV804 (Protecting Social Security Numbers).

Next, be sure that you are taking appropriate measures to ensure the security of your data. The UF Information Security website contains resources about data classification, encryption, media and media disposal as well as the relevant UF policies. If you are uncertain of whether or not the information you use and/or store must be protected, contact the UF Information Security office or CLAS IT for assistance in evaluating the data and what policies might be applicable in your situation. Some types of storage require more protection than others. Network File Servers are secure and maintained by CLAS IT and UF, whereas a desktop computer can also store private data, but this is less preferable than using network resources. UF laptop computers must be encrypted even if they do not contain private data. External hard drives or flash drives must also be encrypted. Portable media such as DVD’s or CD’s that contain private data should be kept in a locked container when not in use. Also, don’t leave the disks in your computer’s drive.

Protecting Your Passwords

Finally, It seems like every day there is a new password for us to remember. Don’t be tempted to use the same password on more than one system. If one system is compromised, an attacker may be able to determine enough information about you that could lead them to one of your other accounts. For example, if there is a breach of security at the public library where an attacker can determine your password and email address, they may be able to gain access to the account at your bank if you use the same password.

There are many good smartphone and computer applications that act as personal password keepers and many are free. Get one of them and use it. Make sure you are complying with UF’s password policy. The GatorLink system enforces periodic password expiration and requires the use of a strong password — one that is meaningful to you but difficult for anyone else to guess. Don’t disclose your password to anyone. CLAS IT or UF IT Help Desks should never ask you for it. Please remember, you are responsible for any actions if you share your password with someone — even an assistant.

It’s not difficult to be aware and follow those simple rules. The data you protect may be your own!

CLAS IT