|One Step Ahead
January 22, 2008, Volume 54, No. 18
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
Disappoint Dumpster Divers and Hackers
Much has been written and said, with good reason, about the importance of getting rid of sensitive data that is no longer needed. Keeping unnecessary paper documents and electronic files that contain confidential information creates unnecessary risks, both to individuals whose data is involved and to Penn. At the same time, it is of critical importance that destruction of such data be handled appropriately.
Paper Files. Review your files containing confidential data and shred them when appropriate. (See “Reminder” below.) To arrange for shredding services contact the University Records Center at (215) 898-9432. You can have any number of shredding bins placed onsite, with regular pickups, based on your office’s needs.
Electronic Files. To securely delete electronic files that are appropriate for destruction, contact your LSP for options. For example, individual files can be securely destroyed using the PGP Shred function.
Reminder: Information must not be shredded or deleted if it is an original and still within the University’s records retention requirements. Nor should information be destroyed if there is an actual or likely claim, lawsuit, government investigation, subpoena, summons or other ongoing matter involving such records. If you have any doubt, retain the information and keep it secure.
For information and tools to host your own Records Cleanup Day, see www.upenn.edu/privacy.
To receive weekly OneStepAhead tips via email, send email to firstname.lastname@example.org with the following text in the body of the message: sub one-step-ahead <your name>.
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.