Data Security for Faculty and Staff
University of Florida employees are required to keep restricted information safe from unauthorized access.
Restricted data is defined as, but not limited to:
- Social security numbers
- Bank, credit card, or other financial account numbers including PIN
- Drivers' licences numbers
- Student Grades
- Student Date of Birth
- Student schedules
- Class rosters
Please read the UF IT Data Security Standard for more information on Restricted, Unrestricted and Sensitive classification.
Legislation establishes personal and institutional liability and fines for breach of private data.
Employees working with health related information must also be aware of HIPAA issues. For more information, see the UF Privacy Office.
The UF IT Security Team strongly advises against the transfer and storage of restricted data on personally managed machines.
Below are things you should do to help protect the data you work with.
Three things you should always do...
A lot of restricted information is stored on computers. By doing these three things you significantly decrease your chance of giving an intruder access to your data.
Electronic Security
Transmission of Data
Most users can use a Virtual Private Network connection to encrypt communication from an untrusted network, such as from home or on a wireless network. For more information on VPN and to download the UF VPN software, visit this link.
File Storage
If you must store restricted data on a computer, please take the necessary steps to encypt it properly. The Health Science Center has a comprehensive guide to encyption, you can download the PDF here.
Physical Security
Lock or Turn Off Your PC When Away
Everytime you step away from your computer, even if just for a minute, you should lock your workstation. If you're not sure how to do this please refer to your operating system's manual or consult your Information Security Manager.
Strategically Place Monitors
Set up monitors so that shoulder-surfing is difficult. If restricted information is viewable from over your shoulder, then it's not secure.
Safely Lock Up Equipment & Media
All equipment with restricted data should be locked safely away when not in use or unattended, whether behind doors or under locked cases. Please advise your department's Information Security Manager of all unlocked equipment.
Dispose of Sensitive Information Properly
Restricted information in paper form should be shredded and electronic data should be rendered unreadable. Please visit the Assets Management Services page to learn the best ways to detroy data.
No Unauthorized Computer Changes
Before allowing anyone to install new hardware and software on university systems, please obtain approval and guidence from you department's Information Security Manager. This also applies to personally managed computers that contain university restricted data on it.
Faxes, Printers and Photocopiers
Immediately pickup sensitive material from faxes, printers and copiers. The longer this information is unattended the better chance for someone else to access it.
Beware of 'Tailgaters' and Supervise All Visitors
If you have a badge-protected room beware of persons following behind, or 'tailgating' on your entry. Make sure you know who they are, otherwise turn them away. When meeting with outside guests such as vendors, students, visiting professors, etc.. make sure you are with them at all times.
