To help with document storage understanding, the following suggested guideline has been created. The goal is to provide you with electronic document storage best practices and the steps to follow in the unfortunate event of a lost or stolen document.
An individual’s private or financial information cannot be in any document capable of being linked to the individual, this includes:
For University departments requiring Social Security number retention, specific standards and policies are strictly enforced and managed by Administrative Information Systems (438-3611). Please see the Social Security Policy section for more information.
As a rule, do store files and documents using network storage options and avoid storing files and documents on your local hard drive, such as to your desktop, or to USB storage devices like a thumb drive. The advantages of the network storage include:
Avoid storing maiden names, or dates of birth, as this information can also be used to commit fraud or identity theft. Also, although convenient, storing sensitive documents locally, or to a removable storage device (i.e. thumb drive) enables the chance for a lost device, or drive failure. In both situations, the documents are effectively lost, and had they been stored to the network, could have easily been recovered.
Under Illinois State University Conduct Policy - 1.1.13 Use of Social Security Numbers by Illinois State University located at: http://policy.illinoisstate.edu/conduct/1-1-13.shtml; there are very specific and defined policies that require strict compliance and approval prior to gaining access to any social security data.
For departments requiring Social Security number storage a defined business need must exist and further, the department is required to follow the standards found at: www.ais.ilstu.edu/ssn and titled Social Security Number Remediation.
For more information about Social Security number storage, please contact the Data Security Administrator at 438 – 3611.
In the event that a document is lost, or discovered to have been compromised, there are specific requirements including a public notification process that has to be followed.
To help in that process, any discovered events should be directly reported to the Student Affairs IT Help Desk at 438-1111 for further action and notification strategies.
Having and storing documents is a necessary component of our daily routines; being aware of what can be stored is everyone’s responsibility. As the needs arise, make sure that you follow the guidelines.
For further information, please contact Student Affairs IT and we will do everything possible to help.