The University has adopted a Data Stewardship procedure that specifies how University employees, students and authorized users of the University's IT resources (e.g. consultants, vendors, visitors, and contractors) can access sensitive data which is created, received or maintained by FIU. You may view the Data Stewardship Procedure at: http://policies.fiu.edu/record_profile.php?id=560&s=data%20stewardship
Briefly summarized, all individuals accessing sensitive data at the University must do so:
- Only as may be strictly necessary in the performance of their job or role at the University
- In compliance with all applicable state and federal laws
- In compliance with all University policies and procedures regarding data security
Highly sensitive data is defined as information which must be protected from disclosure by state or federal law, or by binding contractual arrangement. Among the types of data included in this category are individually identifiable financial or health information, social security numbers, credit card information, student education records and proprietary data protected by law or agreement.
The University requires that all highly sensitive data be handled as follows:
Hard Copy :
- These documents should never be stored temporarily or permanently where unauthorized individuals can have access to read, copy or photograph them.
- It is necessary to store these documents in file cabinets that have locks and that are located in an area that is locked except during normal business hours.
Electronic Copy :
- All highly sensitive data must be accessed by way of a unique name or number for identifying and tracking user identity.
- Highly sensitive data stored in electronic format must be encrypted using a minimum of 128 bit encryption. This applies to all local and shared drives.
- Departments/divisions that maintain highly sensitive data must coordinate with University Technology Services to ensure that they have procedures in place that will allow them to access this data in the event of an emergency.
All users of University IT resources, who will need to create, receive or maintain highly sensitive data, are responsible for ensuring that their computer and systems have the requisite level of security to safeguard this data from unauthorized loss or intrusion. Please contact your School's or College's Network or Systems Administrator should you have any questions. In addition, you may contact the IT Security Office for assistance in this regard.