Data Security

Data Security for Faculty and Staff

University of Florida employees are required to keep restricted information safe from unauthorized access.

Restricted data is defined as

Data in any format collected, developed, maintained or managed by or on behalf of the university, or within the scope of university activities, that are subject to specific protections under federal or state law or regulations or under applicable contracts. Examples include, but are not limited to medical records, social security numbers, credit card numbers, Florida driver licenses, non-directory student records and export controlled technical data.

Please read the UF Data Classification Policy for more information on the Restricted, Sensitive, and Open classifications. The UF Data Guide can help you understand the classification of data you work with, along with appropriate tools for each data type.

Legislation establishes personal and institutional liability and fines for breach of private data.

Employees working with health-related information must also be aware of HIPAA issues. For more information, see the UF Privacy Office.

The UF Information Security Office strongly advises against the transfer and storage of restricted data on personally managed machines.

Below are things you should do to help protect the data you work with.

Three things you should always do…

• Use a strong password
• Use anti-virus program
• Keep your computer updated with current patches

A lot of restricted information is stored on computers. By doing these three things you significantly decrease your chance of giving an intruder access to your data.

---

Electronic Security

Transmission of Data

Most users can use a Virtual Private Network connection to encrypt communication from an untrusted network, such as from home or on a wireless network. For more information on VPN and to download the UF VPN software, visit this link.

Disk Encryption

UF Policy requires that all portable computing and storage devices that are used with University Data, regardless of ownership, must be fully encrypted. This means that even personal smartphones, tablets, and laptops used by faculty and staff must be encrypted if they use them to conduct university business. We have extensive resources to assist in encrypting personal devices. Portable USB ‘flash drives must also be encrypted – more information.

---

Physical Security

Lock or Turn Off Your PC When Away

Every time you step away from your computer, even if just for a minute, you should lock your workstation. If you’re not sure how to do this please refer to your operating system’s manual or consult your Information Security Manager.

Strategically Place Monitors

Set up monitors so that shoulder-surfing is difficult. If restricted information is viewable from over your shoulder, then it’s not secure.

Safely Lock Up Equipment & Media

All equipment with restricted data should be locked safely away when not in use or unattended, whether behind doors or under locked cases. Please advise your department’s Information Security Manager of all unlocked equipment.

Dispose of Sensitive Information Properly

Restricted information in paper form should be shredded and electronic data should be rendered unreadable. All old computers should be turned over to unit IT staff for proper disposal. The Information Security Office offers a Media Disposal Service to ensure that electronic media is securely disposed of.

No Unauthorized Computer Changes

Before allowing anyone to install new hardware and software on university systems, please obtain approval and guidance from your department’s Information Security Manager. This also applies to personally managed computers that contain university-restricted data on them.

Faxes, Printers, and Photocopiers

Immediately pick up sensitive material from faxes, printers, and copiers. The longer this information is unattended the better chance for someone else to access it.

Beware of ‘Tailgaters’ and Supervise All Visitors

If you have a badge-protected room beware of persons following behind, or ‘tailgating’ on your entry. Make sure you know who they are, otherwise turn them away. When meeting with outside guests such as vendors, students, visiting professors, etc. make sure you are with them at all times.