Location:
Bowdoin
/
IT
/
FYI
/
Information Security
/
Security For / Handling of Electronically Stored Information (Computer-based)
Information Security
Get Help
- Faculty/Staff
- x3030 or 207-725-3030
- Students
- x5050 or 207-721-5050
Handling of Electronically Stored Information (Computer-based)
What function do you want to know about?
- Storage on fixed media with access controls (e.g. network server drives)
- Storage on fixed media without access controls, but accessible via the web
- Storage on fixed media without access controls, but not accessible via the web (e.g. laptop, portable hard drive)
- Storage on removable media (e.g. CDs, USB thumb drives, portable hard drives)
- Storage in email
- Read access to information (includes duplication)
- Create / Update access to information
- Delete access to information
- Print hard copy report of information
- Internal labeling of information at the application or screen/display level
- Disposal of the physical electronic media device (diskettes, tapes, hard disks, etc.), where physical media is not going to be re-purposed for College use
- Disposal of information where physical media is going to be re-purposed for College use
- Data Owner review Data Confidentiality for continued applicability
Storage on fixed media with access controls (e.g. network server drives)
- Public
- No encryption required.
- Sensitive
- No encryption required.
- Restricted
- No encryption required, but recommended for credit card & bank account information.
Storage on fixed media without access controls, but accessible via the web
- Public
- No encryption required.
- Sensitive
- Not advised. If you must store data via this media, it must be encrypted.
- Restricted
- Not allowed.
Storage on fixed media without access controls, but not accessible via the web (e.g. laptop, portable hard drive)
- Public
- No encryption required.
- Sensitive
- No encryption required.
- Restricted
- Strongly discouraged. If restricted data must be stored on such devices, the devices must be stored in a secured location when not in use (e.g. Store data on a removable drive and lock in desk when not in use). Encryption strongly encouraged.
Storage on removable media (e.g. CDs, USB thumb drives, portable hard drives)
- Public
- No encryption required.
- Sensitive
- No encryption required.
- Restricted
- Store in secured location when not in use. Encryption strongly encouraged.
- Storage in email
- Public
- No special requirement.
- Sensitive
- No special requirement.
- Restricted
- Strongly discouraged. If used, encryption is strongly recommended.
Read access to information (includes duplication)
- Public
- No special requirement.
- Sensitive
- Access is not restricted based on the data. Access to information is based on roles defined by Data Owners.
- Restricted
- Access is restricted based on data. Access to information is based on roles defined by Data Owners.
Create / Update access to information
- Public
- Access to information is based on roles defined by Data Owners.
- Sensitive
- Create/update are not restricted based on data. Access is based on roles defined by Data Owners.
- Restricted
- Create/update are restricted based on data. Access is based on roles defined by Data Owners.
- Public
- Access to information is based on roles defined by Data Owners.
- Sensitive
- Deletes are not restricted based on the data. Access is based on roles defined by Data Owners.
- Restricted
- Deletes are restricted based on data. Access is based on roles defined by Data Owners.
- Print hard copy report of information
- Public
- No special requirement.
- Sensitive
- Unattended printing permitted only if physical access controls are used to prevent unauthorized viewing.
- Restricted
- Unattended printing permitted only if physical access controls are used to prevent unauthorized viewing. Printouts are to be picked up as soon as possible.
- Internal labeling of information at the application or screen/display level
- Public
- No special requirement.
- Sensitive
- No special requirement.
- Restricted
- If a person has requested their directory information be restricted, that person's chosen restricted directory option must be noticeably displayed along with the information.
- Disposal of the physical electronic media device (diskettes, tapes, hard disks, etc.), where physical media is not going to be re-purposed for College use
- Public
- No special requirement.
- Sensitive
- Physical destruction beyond ability to recover.
- Restricted
- Physical destruction beyond ability to recover.
- Disposal of information where physical media is going to be re-purposed for College use
- Public
- No special requirement.
- Sensitive
- Clear or wipe media according to media disposal guidelines.
- Restricted
- Sanitize media according to media disposal guidelines.
- Data Owner review Data Confidentiality for continued applicability
- Public
- Review at least annually and whenever significant changes are made to data or systems.
- Sensitive
- Review at least annually and whenever significant changes are made to data or systems.
- Restricted
- Review at least annually and whenever significant changes are made to data or systems.
Handling of Printed Information (paper, microfiche, microfilm)
Handling of Electronically Transmitted Information
Back to Handling Restricted Data Overview.
Last updated May 21, 2009
- Document author:
- ngrant
- Last modified:
- Oct 02, 2009
Emergency Information | Help
Send Feedback | Print Page
Connect on Bowdoin Social »
Bowdoin College · Brunswick, Maine · 04011 · 207-725-3000