Frequently Asked Questions - Security :: Protected Information


It is not safe to store PII (Level 1) data or sensitive data on cloud computing storage. This type of University record or data falls into a category that is protected by California law.


Level 1 data should never be sent via email. Some of the reasons that email is not appropriate are:

  • Neither the sender nor the receiver can be readily verified. This means that there is no way to ensure that the right person receives the email message.
  • Email systems are specifically designed to be accessible from any device, anywhere, at any time, and Level 1 data may not be stored on systems not owned by the University.

 


Simply deleting a file does not erase the information contained in that file; it just makes the space occupied by that information available to the device to store other data. So, until it is overwritten by information from another file, that deleted data can be recovered using easily available tools. The military standard for secure data destruction recommends three separate overwrite passes to render data inaccessible; ITS maintains a list of overwriting programs that meet HSU standards for data destruction. These tools take a long time to run and must be verified before the storage device can be declared clear of any recoverable information, so it makes sense to have IT handle this process for you.


We wouldn't advise it. Encryption is a complex process that involves scrambling data in such a way that it can only be unscrambled with a special key that you create as part of the encryption process. If you lose that key, your data is likely gone for good. An experienced computer technician can handle the encryption and ensure that there is a fall-back way to access your data if you lose the key.


No! Level 1 protected information must never be taken off campus or transferred to a machine that's not owned by the University. Please talk to your ITC about the best way to accomplish your goal.


Every computer owned by HSU must be periodically scanned using specialized software to determine whether protected information is on that computer. This process is called the PII Scan and should be undertaken only with the assistance of IT. The technician will help you to install and run the software, which will output a report describing the information found that may be regarded as protected. You need to review this report to determine which items of information identified by the software are Level 1 protected data and which are "false alarms". (IT cannot do this step for you.) Appropriate action can then be taken by IT to ensure that any Level 1 protected data you have a demonstrable need to have on your computer is encrypted to secure it.
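To show why such a report contains "false alarms" that still need a human decision, here is an added sketch (not the software HSU uses, and not part of the original FAQ) of a pattern-based scan with basic plausibility checks. The function names, verdict labels and sample text are assumptions made for illustration.

```python
import re

# First-pass patterns are deliberately broad, which is why false alarms occur.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13 to 19 digits

def luhn_ok(digits):
    """Luhn checksum that valid payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_plausible(area, group, serial):
    """Area 000, 666, 900-999, group 00 and serial 0000 are never issued."""
    return not (area in ("000", "666") or area >= "900"
                or group == "00" or serial == "0000")

def mask(value):
    """Keep only the last four digits so the report does not copy the data."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]

def scan(text):
    """Return (line, kind, masked value, verdict) for every candidate."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in SSN_RE.finditer(line):
            ok = ssn_plausible(*m.groups())
            findings.append((lineno, "ssn", mask(m.group()),
                             "needs review" if ok else "likely false alarm"))
        for m in CARD_RE.finditer(line):
            ok = luhn_ok(re.sub(r"\D", "", m.group()))
            findings.append((lineno, "card", mask(m.group()),
                             "needs review" if ok else "likely false alarm"))
    return findings

# Constructed sample file contents (not real data).
SAMPLE = """Student record: SSN 123-45-6789
Part number 000-12-3456
Card on file: 4111 1111 1111 1111
Order tracking 1234 5678 9012 3456"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The verdict column only sorts candidates; a number that passes the checks can still be a part number or test value, which is why the person who owns the data has to review the report.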


"Protected data" is an umbrella term for information that is linked to an individual person's identity, such as Social Security numbers, drivers' license data, and credit card or bank account information (sometimes called Personally-Identifiable Information, or PII) and which can be used to facilitate identity theft. Learn more about the steps HSU takes to protect the confidential data stored on its networks.

 

 

 

 
