A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June 2006
What is sensitive data?
Sensitive data is any information that requires special care, protection or handling as a result of
–Federal or state law, or
–MIT Policy 13.2.2 (http://mit.edu/policies/)
There may be other reasons as well, such as protection of MIT reputation, privacy of the individuals involved, etc., that lead to special care being taken.
MIT Policy 13.2.2 says in part …
Individuals who manage or use the information and computing resources required by the Institute to carry out its mission must protect them from unauthorized modification, disclosure, and destruction. Information--including data and software--is to be protected, regardless of the form or medium that carries the information. Protection shall be commensurate with the risk of exposure and with the value of the information and of the computing resources.
MIT’s Data Classifications *** DRAFT ***
–Extremely Sensitive Data -- significant risk
–Sensitive Data -- moderate risk
–MIT Only -- low risk
–Public
Extremely Sensitive data are …
Data that, if disclosed, substantially increase the risk of
–physical,
–financial,
–reputational,
–legal or other harm
Such harm being directed to
–individuals, groups or the Institute as a whole.
Examples of Extremely Sensitive data:
–Personally identifying information (PII): if a person’s Social Security Number, along with name, is exposed, it could be exploited by identity thieves. Some states have passed laws requiring notification.
–Protected health information (PHI): if a person’s medical history or status is exposed, it violates an individual’s fundamental right to privacy. It violates Federal HIPAA law.
–Education records: if a student’s information is disclosed, it violates their privacy as defined under the Family Educational Records and Privacy Act (FERPA).
–Responses to a Faculty Survey: if disclosed, it could result in damage to faculty careers!
Sensitive Data are …
Those data that MIT may choose to keep confidential for Institute purposes, but whose disclosure does not substantially increase risk of physical, financial, reputational, legal or other harm to individuals, groups or the Institute as a whole.
–Example: Salary information
Institute Use Only Data are …
Those data that MIT provides to the MIT Community for general administrative use with the purpose of general efficiency. These data will often be made available in a manner that will result in their disclosure to non-MIT parties. In spite of that, the use/reuse of these data will usually be restricted on a case-by-case basis.
–Example: Telephone Directory information (published). While this information is available in part online and in paper directories, reusing this information for telemarketing or similar purposes is prohibited.
–Example: MIT ID Numbers (unpublished). While an individual’s specific MIT ID is not considered a secret, MIT does not publish lists of MIT IDs and the person that is associated with a particular ID.
Information Protection Practices
Transmitting (or not) data safely
Storing data safely
Issues related to secondary storage locations
–Backups, removable and transportable devices
Other issues
–Media sanitizing
–Theft
Possible Guidelines for Transmitting Sensitive Data
–To/from administrative applications: Encryption of content in transit required. Achievable via encrypted tunnels like SSL for Web apps, for example.
–By e-mail or file transfer (FTP): Encryption of content required.
–By wireless/cellular technology: Do not transmit.
–By FAX: The FAX machine must have limited physical access, or a person authorized to view the specific sensitive data being sent must be present when the data is transmitted.
–By voice mail: Do not leave restricted information in a voice mail message. Don’t forget you can now have your voice mail messages forwarded to your email, so see above. Always request a call back when you need to convey sensitive data.
Possible Guidelines for Storing Sensitive Data
–Storage on fixed media with access controls: No encryption required, with the exception of credit card / bank account information.
–Storage on fixed media without access controls, but accessible via the web: Not allowed!
Fixed media refers to permanently installed hard drives in desktop or server machines.
Possible Guidelines for Storing Sensitive Data
–Storage on fixed media without access controls, but not accessible via the web: Not advised. If restricted data must be stored on such devices, the devices must be stored in a secured location when not in use (example: store data on a removable drive and lock it in a desk when not in use).
–Storage on removable media*: Store in a secured location when not in use.
–Printing a hard copy report of information: Unattended printing permitted only if physical access controls are used to prevent unauthorized viewing.
*Removable media refers to the kinds of media that by their nature are not permanently installed; some examples include floppy disks, zip disks, CDs, DVDs, flash drives, DAT tapes, etc.