Protecting Sensitive Information


Protecting personal and institutional data is paramount to keeping that information confidential. Sensitive information, such as personally identifiable information (known as PII) like names, addresses and Social Security Numbers, and privacy information covered by HIPAA and FERPA, carries even more stringent protection needs. Follow these best practices and security standards to ensure protection of our information and data.

For GPC data protection requirements and guidelines, refer to the GPC Data Classification and Handling Policy.

How Do You Know if Your Privacy is Being Protected Online?

Privacy policy – Before submitting your name, email address, or other personal information on a website, look for the site’s privacy policy. This policy should state how the information will be used and whether or not the information will be distributed to other organizations. Companies sometimes share information with partner vendors who offer related products or may offer options to subscribe to particular mailing lists. Look for indications that you are being added to mailing lists by default—failing to deselect those options may lead to unwanted spam. If you cannot find a privacy policy on a website, consider contacting the company to inquire about the policy before you submit personal information, or find an alternate site. Privacy policies sometimes change, so you may want to review them periodically.

Evidence that your information is being encrypted – To prevent attackers from hijacking your information, any personal information submitted online should be encrypted so that only the appropriate recipient can read it. Many sites use SSL, or secure sockets layer, to encrypt information. Indications that your information will be encrypted include a URL that begins with “https:” instead of “http:” and a lock icon in the bottom right corner of the window. Some sites also indicate whether the data is encrypted when it is stored. If data is encrypted in transit but stored insecurely, an attacker who is able to break into the vendor’s system could access your personal information.

What Additional Steps Can You Take to Protect Your Privacy?

Do business with credible companies – Before supplying any information online, consider the answers to the following questions:

  • Do you trust the business?
  • Is it an established organization with a credible reputation?
  • Does the information on the site suggest that there is a concern for the privacy of user information?
  • Is there legitimate contact information provided?

  • Secure Erase is performed – Secure Erase is a standard in modern hard drives. If you select a program that runs the Secure Erase command, it will erase data by overwriting all areas of the hard drive, even areas that are not being used.
  • Data is written multiple times – It is important to make sure that not only is the information erased, but also new data is written over it. By adding multiple layers of data, the program makes it difficult for an attacker to “peel away” the new layer. Three to seven passes is fairly standard and should be sufficient.
  • Random data is used – Using random data instead of easily identifiable patterns makes it harder for attackers to determine the pattern and discover the original information underneath.
  • Zeros are used in the final layer – Regardless of how many times the program overwrites the data, look for programs that use all zeros in the last layer. This adds an additional level of security.

While many of these programs assume that you want to erase an entire disk, there are programs that give you the option to erase and overwrite individual files.
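The overwrite pattern described in the list above (several passes of random data, then a final pass of zeros), applied to a single file. This is an added example, not code from this page or from any particular erase program; the function name overwrite_file and its parameters are assumptions chosen for illustration.

```python
import os
import tempfile


def overwrite_file(path, random_passes=3, delete=True, chunk=64 * 1024):
    """Overwrite a file in place: random passes, then one pass of zeros.

    Returns the list of passes performed, in order. Illustrative helper,
    not a replacement for a drive-level Secure Erase.
    """
    size = os.path.getsize(path)
    passes = ["random"] * random_passes + ["zeros"]
    # "r+b" opens without truncating, so each pass is written over the
    # existing contents instead of into a fresh, empty file.
    with open(path, "r+b") as f:
        for kind in passes:
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(os.urandom(n) if kind == "random" else bytes(n))
                remaining -= n
            # Push this pass out to the device before starting the next one.
            f.flush()
            os.fsync(f.fileno())
    if delete:
        os.remove(path)
    return passes


if __name__ == "__main__":
    # Constructed sample data, written to a temporary file for the demo.
    fd, sample = tempfile.mkstemp()
    os.write(fd, b"name=Jane Doe; ssn=000-00-0000 (constructed)\n" * 50)
    os.close(fd)

    print(overwrite_file(sample, random_passes=3, delete=False))
    with open(sample, "rb") as f:
        print("all zeros after final pass:", set(f.read()) == {0})
    overwrite_file(sample, random_passes=1)  # overwrite again, then delete
    print("file removed:", not os.path.exists(sample))
```

Overwriting a file in place only reaches the blocks the file system currently maps to that file. On SSDs with wear leveling, on journaling or copy-on-write file systems, and wherever backups or snapshots exist, older copies can survive, which is why whole-drive Secure Erase remains the stronger option when disposing of a drive.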

An effective way to ruin a CD or DVD is to wrap it in a paper towel and shatter it. However, there are also hardware devices that erase CDs or DVDs by destroying their surface. Some of these devices actually shred the media itself, while others puncture the writable surface with a pattern of holes. Many paper shredders will also shred CDs and DVDs. If you decide to use one of these devices, compare the various features and prices to determine which option best suits your needs.