Protected Information


The law requires that HSU and its employees, consultants, and independent contractors maintain the confidentiality, security, and integrity of all personally-identifiable information (PII) stored and/or used by anyone associated with the University.

Because information is stored in many forms, securing confidential and/or personally identifiable information includes protecting it when it's on screen, when it's in storage, and when you dispose of it. If such information leaks, there are serious consequences for both the individuals concerned and the University. So HSU operates a comprehensive data protection policy designed to ensure that no confidential information is accessible to anyone not authorized to do so, and does not permit HSU protected data to be stored on computers not owned by HSU.

Remember: if your data is not secure, it's not your data.

Who's it for?

System Configuration

The first level of protection for all data, not just confidential data, is the use of the HSU User Name and Password, which is the only aspect of HSU's authentication and authorization infrastructure you'll normally see; this process is compatible with all popular browsers.

Beyond that, two additional layers of protection come into play: software that identifies which information needs to be protected, and software that actually secures that information. HSU supports software that runs under Windows (Vista and later), Mac (OS X 10.4 and later) and Linux (Ubuntu, Fedora) to achieve these goals.


Additional Information

Check out the data classification table to learn how different types of information are categorized for the purposes of security.

Learn more about how computer systems and other devices that have been used to store confidential data can be safely transferred, recycled, or destroyed to ensure that information can never be retrieved by anyone.

Accessing This Service

Please consult ITS before you begin; they will be able to help you with tools to complete the survey and to provide the results to the central information security office.

All preparatory material can be found in the PII Scan Quick Guide and Survey Form, which contains instructions for running the Protected Information (PII) Scan and completing the Protected Information Survey Form.

Once PII has been identified, appropriate steps can be taken to protect it. This will usually involve encryption, and should only be undertaken by experienced technical personnel; if encryption goes wrong, the data will likely be lost forever.

Using This Service

All activities related to the protection of sensitive and/or confidential data must be undertaken with the assistance of qualified IT personnel.

Once you've downloaded and reviewed the PII Scan Quick Guide and Survey Form, work with IT to:

  1. Select one of the recommended tools to scan your computer for protected information.
  2. Complete page 2 of the Protected Information Survey Form and return this form to your supervisor or to ITS directly after you complete the scan.

If you discover PII on your computer that you need to continue to store, print and complete the PII Storage Authorization Form and return it to your supervisor or to ITS directly. This information will need to be encrypted, so please work with ITS to ensure this is done as soon as possible.

When protected data on your system is no longer required, or when your hard drive or entire system is replaced, the data must be overwritten multiple times to ensure that it cannot be recovered. IT staff have access to a number of sophisticated tools to accomplish this task.

Frequently Asked Questions

All matters related to protected data should be referred to the Campus Information Security Officer at


The management of protected data on campus is covered by the HSU Executive Memo regarding Protected Information and by the CSU Responsible Use Policy. A number of other CSU policies as well as state and federal laws also address various issues around the use and misuse of confidential information.