Information Security
Get Help
- Faculty/Staff
- x3030 or 207-725-3030
- Students
- x5050 or 207-721-5050
Handling Restricted & Sensitive Data
Restricted Data Overview
In addition to standard safe computing habits, there are additional suggested guidelines for dealing with restricted data.
- First of all, be aware. Know what is considered restricted data at Bowdoin. Know that the information you have may be confidential, protected by law, or can not be shared indiscriminately.
- Know where your restricted data is stored, and where it is going (in whatever form)!
- If you handle restricted data, your computing password should be changed more frequently than the recommended once a semester. Quarterly is a good habit. Some departments may have a policy requiring more frequent changes.
Sharing Restricted Data:
- Always check with your data owner to ensure the data may be shared.
- Never share restricted data within the body of a regular e-mail message. Even if it is sent within campus, it could be forwarded off-campus.
- Think again. Does the other party really need the restricted part of the information?
- You may encrypt a document, and then e-mail this as an attachment. Do not include the password to decrypt the attachment in this or any e-mail. Communicating the password by phone is recommended.
- When sending restricted information by common carrier (US Postal Service, Federal Express, UPS, etc.), encrypt the data and use a tracked shipping method.
- If you routinely exchange restricted data with others, consider using digital certificates. For more information on how to set this up, please contact Bowdoin IT Security at:
E-mail: itsecurity@bowdoin.edu
Phone: 207-725-3471
Safeguarding Restricted Data:
- If you regularly store restricted data on your computer, use encryption to protect it. Determine how to organize the restricted data and decide what files to encrypt.
- It is not a good practice to store restricted data on laptop or portable devices. If there is no viable alternative, see the section on encrypting laptops.
- If you do use encryption, remember there is no way to recover the data if you lose the password.
More Security Requirements for Handling Information
"Handling" information relates to when you view, update, or delete data. It also relates to when you transfer the data from one location to another. The data does not have to be electronically stored. It could be stored in a filing cabinet or in a binder. The data could be in a report or in a memo.
Based upon how the data is classified (Restricted, Sensitive, Public), it may have certain precautions which need to be taken when handled.
Any comments regarding these requirements should be emailed to itsecurity@bowdoin.edu. Keep in mind these requirements evolve as the technology improves.
- Handling of Printed Information (paper, microfiche, microfilm)
- Handling of Electronically Stored (Computer-based) Information
- Handling of Electronically Transmitted Information
General Data Protection Requirements
| Requirements | Data Classification | ||
|---|---|---|---|
| Restricted | Sensitive | Public | |
| Access - Read Only | Individually Authorized | Role Based | No Controls |
| Access - Write | Individually Authorized | Role Based | Role Based |
| Secondary Use | Prohibited | As Authorized | As Authorized |
| Physical Data Storage | Access controlled by area | Non-public Area | No Controls |
| Communication | Encryption may be required for external tranmission | Encryption generally not required | No Controls |
| Data Tracking | Location of data should be tracked | None | None |
| Destruction | Overwrite or Destroy Media | Erase Media | No Controls |
| Auditing | Log All Changes | Log Changes | No Controls |
| Workstation Placement | Non-public Area | Non-public Area | No Controls |
Some information was adapted from Purdue University.
Last updated May 21, 2009
- Document author:
- sblanc
- Last modified:
- Dec 14, 2009
Emergency Information | Help
Send Feedback | Print Page
Connect on Bowdoin Social »
Bowdoin College · Brunswick, Maine · 04011 · 207-725-3000