In addition to standard safe computing habits, there are additional suggested guidelines for dealing with restricted data.
Sharing Restricted Data:
Safeguarding Restricted Data:
"Handling" information relates to when you view, update, or delete data. It also relates to when you transfer the data from one location to another. The data does not have to be electronically stored. It could be stored in a filing cabinet or in a binder. The data could be in a report or in a memo.
Based upon how the data is classified (Restricted, Sensitive, Public), it may have certain precautions which need to be taken when handled.
Any comments regarding these requirements should be emailed to email@example.com. Keep in mind these requirements evolve as the technology improves.
|Access - Read Only||Individually Authorized||Role Based||No Controls|
|Access - Write||Individually Authorized||Role Based||Role Based|
|Secondary Use||Prohibited||As Authorized||As Authorized|
|Physical Data Storage||Access controlled by area||Non-public Area||No Controls|
|Communication||Encryption may be required for external tranmission||Encryption generally not required||No Controls|
|Data Tracking||Location of data should be tracked||None||None|
|Destruction||Overwrite or Destroy Media||Erase Media||No Controls|
|Auditing||Log All Changes||Log Changes||No Controls|
|Workstation Placement||Non-public Area||Non-public Area||No Controls|
Some information was adapted from Purdue University.
Last updated May 21, 2009