Handle Data with Care

You are the first and best line of defense in protecting University data.   Unintentional, accidental, or malicious release of personally identifiable information or other protected information can expose the University to regulatory or legal action, reputational damage, financial consequences, as well as negatively affecting the privacy of University community members.  

There are specific data handling requirements for the different types of regulated data and information about your responsibilities for handling and use of regulated data is available from your manager or department. 

The following guidelines are provided to ensure secure handling of all other data.  

Know What You Have and Only Keep What You Need

  • Only collect and retain information for which you have a legitimate business need.
  • Understand the classification of the data you are using, storing, or interacting with (see USNH Data Classification Policy)
  • If you have questions about the classification of any data, contact the appropriate data steward or Information Security Services (ISS) for assistance.
  • Backup mission critical information to appropriate secure storage and test recovery.
  • Use the Data Scanning Service provided by ISS to ensure you are not retaining protected information on your device.
  • Ensure that only authorized persons can access the information for which you are responsible.

 Store and Process University Information Appropriately

  • University information should only be stored on institutionally-owned devices and in approved University applications.
  • Information classified as Restricted:
    • Must be stored according to the current standards published by UNH IT.   If you have questions about where restricted information can be stored, contact ISS.
    • Must not be copied to portable media such as external hard drives, CDs, and removable flash drives.
    • Must only be accessed, stored, or otherwise managed on an institutionally-owned device that is encrypted using the current UNH ISS encryption solution
  • Lock printed and other non-electronic forms or documents that contain protected information in secure locations.
  • Limit access to stored records to authorized persons. For example, if others have access to your work space or desk during or after work hours, lock up printed material that is not under your direct control.
  • Information classified as sensitive or restricted cannot be stored in or processed by external application or systems without permission from UNH ISS.

 Dispose of University Information Appropriately

  • All institutionally-owned devices must be decommissioned via the SEED program to ensure all institutional data is securely destroyed before the equipment is recycled.
  • Institutional information in printed form must be shredded.

If you have questions about secure handling of data, contact UNH Information Security Services.

Custom Fields
  • Author: UNH Information Security Services
  • Department: Information Security Services
Attached Files
There are no attachments for this article.
Related Articles RSS Feed
PCI DSS - Payment Card Security
Viewed 2860 times since Thu, May 7, 2015
UNH Information Security Services - Tax Season Resources
Viewed 640 times since Wed, Feb 21, 2018
Network Registration & Vulnerability Scans
Viewed 1799 times since Wed, Apr 29, 2015
Password Managers 101
Viewed 1202 times since Mon, Oct 16, 2017
Vendor Contracts: Privacy Considerations, Security Review, and NDA
Viewed 3033 times since Mon, May 4, 2015
Signs Your Account is Compromised
Viewed 1065 times since Wed, Aug 16, 2017
Microsoft Security Essentials and Windows Defender Usage
Viewed 8061 times since Wed, Aug 12, 2015
COPPA: Children’s Online Privacy Protection
Viewed 2114 times since Wed, Apr 29, 2015
Microsoft Security Essentials and Windows Defender Installation
Viewed 55463 times since Wed, Aug 12, 2015
Find sensitive data before the bad guys do
Viewed 154 times since Tue, May 7, 2019