Tuesday, April 25, 2006 - Almanac Vol. 52, No. 31
Don’t Download Sensitive Data Unless You Absolutely Have To
Several weeks ago, at a peer institution, a researcher’s laptop containing sensitive HIV-related information about 1500 patients was stolen from the researcher’s home. This was not an isolated incident. More and more data breaches are occurring as a result of lost or stolen laptops. Data is also at risk when it is stored on an unsecured desktop.
The best way to avoid risks to sensitive data, to people, and to Penn is simply to not download sensitive data unless you absolutely must. Your Local Support Provider (LSP) can advise you on how you can instead store and access sensitive documents on properly secured departmental file servers. They should be used whenever possible to reduce the number of points of possible vulnerability. If you must download sensitive data, contact your LSP for assistance in encrypting the file, securing your machine, and securely deleting the information once it is no longer necessary.