The College employs a variety of security to protect the security and privacy of the confidential information that has been entrusted to us. One of these measures is a Data Loss Prevention (DLP) system.
The Data Loss Prevention system operates in a manner similar to anti-virus software. It automatically scans all files that are opened on a given computer in real time for patterns that would indicate sensitive or confidential information is present. In addition, the DLP system also scans all the files as well as College servers regularly for files that appear to contain sensitive information.
Sensitive Information the Data Loss System Scans for includes:
- Social Security Numbers
- Credit Card Numbers
- Bank account numbers
If you receive a Data Loss Prevention Message alert on your computer, please take the following steps:
- Note what you were doing at that moment - what websites you were accessing as well as any files you recently accessed
- Evaluate the context and determine if sensitive or confidential information was transmitted or stored in a file
- If sensitive or confidential information was processed, self-evaluate to determine whether the sensitive or confidential information was processed in accordance with applicable federal and state law as well as College policies
Applicable Federal Law and College Policies regarding confidential information:
- FERPA - Academic Records
- GLBA - Financial Records
- College Personal Information Protection Policy 5.20
- College Technology Acceptable Use Policy 8.1.3
- College Electronic Information Management and Storage Policy
- Additional laws and policies might apply depending on the type of data and context
Confidential Information Handling General Guidelines:
- Employees may only access sensitive or confidential information to carry out job duties
- Sensitive or confidential information may only be transmitted to, stored, or processed by systems explicitly authorized to handle sensitive information
- NEVER share sensitive or confidential information via email or any other unauthorized or insecure means
- NEVER store sensitive or confidential information on portable media such as USB 'flash' or 'thumb' drives
- NEVER store sensitive or confidential information on a device or service that is not directly owned or operated by the College