- » Account Request
- » Alumni Account Request
- » Calendar Request
- » Access Request
- » Disk Quota Increase
- » Exiting Employee
- » Request Forms and Processes
(ITS Staff only)
The law requires that HSU and its employees, consultants, and independent contractors maintain the confidentiality, security, and integrity of all personally-identifiable information (PII) stored and/or used by anyone associated with the University.
Because information is stored in many forms, securing confidential and/or personally identifiable information includes protecting it when it's on screen, when it's in storage, and when you dispose of it. If such information leaks, there are serious consequences for both the individuals concerned and the University. So HSU operates a comprehensive data protection policy designed to ensure that no confidential information is accessible to anyone not authorized to do so, and does not permit HSU protected data to be stored on computers not owned by HSU.
Remember: if your data is not secure, it's not your data.
The first level of protection for all data, not just confidential data, is the use of the HSU User Name and Password, which is the only aspect of HSU's authentication and authorization infrastructure you'll normally see; this process is compatible with all popular browsers.
Beyond that, two additional layers of protection come into play: software that identifies which information needs to be protected, and software that actually secures that information. HSU supports software that runs under Windows (XP and later), Mac (OS X 10.4 and later) and Linux (Ubuntu, Fedora) to achieve these goals.
Check out the data classification table to learn how different types of information are categorized for the purposes of security.
Learn more about how computer systems and other devices that have been used to store confidential data can be safely transferred, recycled, or destroyed to ensure that information can never be retrieved by anyone.
Please use the Protected Information Survey Form to collect the required information.
Every desktop and laptop system at HSU must be scanned for PII; if a computer system is used by multiple users, each user will need to run and evaluate their own PII scan results, taking care that the scan is limited to each individual user's files. While IT support will be required to assist users in scanning their systems, it is the user's responsibility to evaluate the output of the scan; this responsibility cannot be transferred to an IT staff member.
Any protected data found on an HSU-owned system must be protected by encryption. Non-technical personnel should not attempt to encrypt information unassisted; if something goes wrong, it will likely be impossible to recover the data.
The destruction of protected data that's no longer required is also a task for IT personnel. All such data needs to be overwritten using multiple-pass processes so that there is no possibility of the data being recovered.
Please consult ITS before you begin; they will be able to help you with tools to complete the survey and to provide the results to the central information security office.
All preparatory material can be found in the PII Scan Quick Guide and Survey Form, which contains instructions for running the Protected Information (PII) Scan and completing the Protected Information Survey Form.
Once PII has been identified, appropriate steps can be taken to protect it. This will usually involve encryption, and should only be undertaken by experienced technical personnel; if encryption goes wrong, the data will likely be lost forever.
All activities related to the protection of sensitive and/or confidential data must be undertaken with the assistance of qualified IT personnel.
Once you've downloaded and reviewed the PII Scan Quick Guide and Survey Form, work with IT to:
If you discover PII on your computer that you need to continue to store, print and complete the PII Storage Authorization Form and return it to your supervisor or to ITS directly. This information will need to be encrypted, so please work with ITS to ensure this is done as soon as possible.
When protected data on your system is no longer required, or when your hard drive or entire system is replaced, the data must be overwritten multiple times to ensure that it cannot be recovered. IT staff have access to a number of sophisticated tools to accomplish this task.
All matters related to protected data should be referred to the Campus Information Security Officer at firstname.lastname@example.org.
The management of protected data on campus is covered by the HSU Executive Memo regarding Protected Information and by the CSU Responsible Use Policy. A number of other CSU policies as well as state and federal laws also address various issues around the use and misuse of confidential information.