Location: Bowdoin / IT / FYI / Information Security / Security For / Handling of Electronically Stored Information (Computer-based)

Information Security

Get Help

Submit Help Ticket 24/7

Live Chat

Faculty/Staff
x3030 or 207-725-3030
Students
x5050 or 207-721-5050

Handling of Electronically Stored Information (Computer-based)

What function do you want to know about?

Storage on fixed media with access controls (e.g. network server drives)

Public
No encryption required.
Sensitive
No encryption required.
Restricted
No encryption required, but recommended for credit card & bank account information.

Storage on fixed media without access controls, but accessible via the web

Public
No encryption required.
Sensitive
Not advised.  If you must store data via this media, it must be encrypted.
Restricted
Not allowed.

Storage on fixed media without access controls, but not accessible via the web (e.g. laptop, portable hard drive)

Public
No encryption required.
Sensitive
No encryption required.
Restricted
Strongly discouraged.  If restricted data must be stored on such devices, the devices must be stored in a secured location when not in use (e.g. Store data on a removable drive and lock in desk when not in use).  Encryption strongly encouraged.

Storage on removable media (e.g. CDs, USB thumb drives, portable hard drives)

Public
No encryption required.
Sensitive
No encryption required.
Restricted
Store in secured location when not in use.  Encryption strongly encouraged.

Storage in email
Public
No special requirement.
Sensitive
No special requirement.
Restricted
Strongly discouraged.  If used, encryption is strongly recommended.

Read access to information (includes duplication)

Public
No special requirement.
Sensitive
Access is not restricted based on the data.  Access to information is based on roles defined by Data Owners.
Restricted
Access is restricted based on data.  Access to information is based on roles defined by Data Owners.

Create / Update access to information

Public
Access to information is based on roles defined by Data Owners.
Sensitive
Create/update are not restricted based on data.  Access is based on roles defined by Data Owners.
Restricted
Create/update are restricted based on data.  Access is based on roles defined by Data Owners.

Delete access to information

Public
Access to information is based on roles defined by Data Owners.
Sensitive
Deletes are not restricted based on the data.  Access is based on roles defined by Data Owners.
Restricted
Deletes are restricted based on data.  Access is based on roles defined by Data Owners.
Print hard copy report of information
Public
No special requirement.
Sensitive
Unattended printing permitted only if physical access controls are used to prevent unauthorized viewing.
Restricted
Unattended printing permitted only if physical access controls are used to prevent unauthorized viewing.  Printouts are to be picked up as soon as possible.
Internal labeling of information at the application or screen/display level
Public
No special requirement.
Sensitive
No special requirement.
Restricted
If a person has requested their directory information be restricted, that person's chosen restricted directory option must be noticeably displayed along with the information.
Disposal of the physical electronic media device (diskettes, tapes, hard disks, etc.), where physical media is not going to be re-purposed for College use
Public
No special requirement.
Sensitive
Physical destruction beyond ability to recover.
Restricted
Physical destruction beyond ability to recover.
Disposal of information where physical media is going to be re-purposed for College use
Public
No special requirement.
Sensitive
Clear or wipe media according to media disposal guidelines.
Restricted
Sanitize media according to media disposal guidelines.
Data Owner review Data Confidentiality for continued applicability
Public
Review at least annually and whenever significant changes are made to data or systems.
Sensitive
Review at least annually and whenever significant changes are made to data or systems.
Restricted
Review at least annually and whenever significant changes are made to data or systems.

Handling of Printed Information (paper, microfiche, microfilm)
Handling of Electronically Transmitted Information
Back to Handling Restricted Data Overview.

Last updated May 21, 2009



Document author:
ngrant
Last modified:
Oct 02, 2009