What are the best practices to protect confidential information?
Sensitive Data Best PracticesWhat is Sensitive Data?Students, faculty, and staff interact with data on a daily basis. It is important to understand that all data cannot be treated equally in terms of how we store, share, and dispose of it. LSU categorizes data in three ways: Show
How can I protect Sensitive Data?Encryption is the most effective way to protect your data from unauthorized access. Encryption can be defined as transforming the data into an alternative format that can only be read by a person with access to a decryption key. There are various resources available to encrypt data that you store on your machine. Some readily available options include Bitlocker on the Microsoft Windows platform and FileVault for Mac OS X. More information can be found in the following article: https://grok.lsu.edu/Article.aspx?articleid=6983. If you are transmitting sensitive data, you must use an encrypted communication channel. For web based transmission, always ensure that the web site is protected by SSL. For FTP transmissions, make sure you are using a secured variety of the protocol (i.e. SFTP or FTPS). Another convenient option at LSU is FilestoGeaux, which is a web based service that allows LSU users to upload files they want to share to a secure LSU web server. How should I dispose sensitive data?Eventually it may become necessary to dispose data or devices containing LSU data. When doing so, remember the following:
Additional GuidelinesHere are some additional things to consider when dealing with LSU data:
If you have any doubts or questions about confidential information, please reach out to ITSP at . Protection of confidential corporate information is essential to a company’s capacity to develop products, provide services, and gain economic advantages. Those who wrongfully acquire, misuse, or disclose confidential company information can cause significant damage by impairing or destroying the value of the information. Overview of Trade Secrets and Confidential Information Trade secrets and confidential information both are types of information that are kept secret and are valuable in part because they are not known by others. The key distinction between trade secrets and other sorts of confidential information is that trade secrets enjoy greater legal protections. Information only becomes a trade secret if it meets specific criteria established by either statutory law or common law. The Uniform Trade Secret Act ("UTSA") defines a trade secret as information, such as a formula, pattern, compilation, program device, method, technique, or process, that is both: Valuable because of secrecy. It is or potentially could be economically valuable at least in part because it is not known by others, or able to be discerned by others, who otherwise could benefit economically from using or disclosing it. Protected by efforts to maintain secrecy. It is protected by reasonable efforts to maintain its secrecy from others. By way of example, trade secret protection has been recognized in a various states for: • Marketing plans. • Commercial drawings. • Recipes (such as chocolate chip cookies and pizza dough). • Sales data. • Manufacturing processes. • Chemical formulae (such as insecticides and inks). • Detailed information about customers. Best Practices for Protecting Confidential Information and Trade Secrets Employers should take the following steps to protect confidential and trade secret information: 1. Limit disclosure to those who need to know. Keep the disclosure of confidential information and trade secrets limited to a discrete group of individuals who need the information to perform their jobs or for other legitimate business functions. Remind employees at meetings or events where confidential information will be disclosed that the information is confidential and that they have a duty to maintain confidentiality. 2. Use appropriate contractual protections. For example:
3. Establish appropriate security measures. For example:
4. Train employees. Train employees on the importance of confidentiality and define the universe of information that must be protected. As part of that training:
5. Implement appropriate departing employee procedures. Adopt a departing employee procedure aimed at minimizing risk of misappropriation. For example:
6. Ensure that confidential information does not appear in promotional or other public material. Exclude any confidential information and trade secrets from publications, marketing materials, websites, social media, advertisements, and interviews. 7. Adopt a plan for a prompt response to inadvertent disclosure of trade secrets. For example:
The steps and procedures outlined in this article are great starting points for employers to consider in the protection of their company's confidential information. If you or your company have questions with respect to trade secret protection or otherwise protecting your company's confidential information, feel free to contact me. What are 5 ways to maintain confidentiality?5 important ways to maintain patient confidentiality. Create thorough policies and confidentiality agreements. ... . Provide regular training. ... . Make sure all information is stored on secure systems. ... . No mobile phones. ... . Think about printing.. How can we protect confidentiality of our important information?Guidelines for data confidentiality. Encrypt sensitive files. ... . Manage data access. ... . Physically secure devices and paper documents. ... . Securely dispose of data, devices, and paper records. ... . Manage data acquisition. ... . Manage data utilization. ... . Manage devices.. |