Handle Data with Care
You are the first and best line of defense in protecting University data. Unintentional, accidental, or malicious release of personally identifiable information or other protected information can expose the University to regulatory or legal action, reputational damage, financial consequences, as well as negatively affecting the privacy of University community members.
There are specific data handling requirements for the different types of regulated data and information about your responsibilities for handling and use of regulated data is available from your manager or department.
The following guidelines are provided to ensure secure handling of all other data.
Know What You Have and Only Keep What You Need
- Only collect and retain information for which you have a legitimate business need.
- Understand the classification of the data you are using, storing, or interacting with (see USNH Data Classification Policy)
- If you have questions about the classification of any data, contact the appropriate data steward or Information Security Services (ISS) for assistance.
- Backup mission critical information to appropriate secure storage and test recovery.
- Use the Data Scanning Service provided by ISS to ensure you are not retaining protected information on your device.
- Ensure that only authorized persons can access the information for which you are responsible.
Store and Process University Information Appropriately
- University information should only be stored on institutionally-owned devices and in approved University applications.
- Information classified as Restricted:
- Must be stored according to the current standards published by UNH IT. If you have questions about where restricted information can be stored, contact ISS.
- Must not be copied to portable media such as external hard drives, CDs, and removable flash drives.
- Must only be accessed, stored, or otherwise managed on an institutionally-owned device that is encrypted using the current UNH ISS encryption solution
- Lock printed and other non-electronic forms or documents that contain protected information in secure locations.
- Limit access to stored records to authorized persons. For example, if others have access to your work space or desk during or after work hours, lock up printed material that is not under your direct control.
- Information classified as sensitive or restricted cannot be stored in or processed by external application or systems without permission from UNH ISS.
Dispose of University Information Appropriately
- All institutionally-owned devices must be decommissioned via the SEED program to ensure all institutional data is securely destroyed before the equipment is recycled.
- Institutional information in printed form must be shredded.
If you have questions about secure handling of data, contact UNH Information Security Services.