Data Security

Data comes in many forms at Hancock College. Data can include student and employee records and course information. Data can also be written policies and procedures created by departments.

Data Access

Access to data sources can be managed either by the ITS department or by the department responsible for the data. Access to Banner and most campus-wide third-party sources is managed by ITS. Requests must be made by department heads for their staff members to have access to these resources. Access is granted via roles, which assign permissions based on the staff member's data needs.

Access to Teams and SharePoint sites is managed by the department heads and does not require any interaction with ITS.

Data Classification

Data at Hancock College can be divided into three categories:

  • Public Data: Data that is fit for public consumption and can be published on the public website. This can include course schedules, policies, and aggregated data prepared by Institutional Effectiveness.
  • Internal Data: Data which can be made available for all Hancock College employees, but should not be available to the public. This can include 
  • Restricted Data: Data which must be made available only to those Hancock College employees who have a need to view and manage that data. This includes financial information, medical information, and personally identifiable information (PII) for students and employees.

Data Storage Locations

Hancock College offers a number of places to store data which can be broadly broken down into the following categories:

  • Local computer: Staff members who are issued a workstation can use the internal storage of the machine for temporary storage of documents and data. Data can be consumed, created and updated on the device, but data on these devices is not backed up in any way. Data that needs to persist must be moved to one of the following locations on this list.
  • OneDrive: OneDrive is a service that has local storage on a staff member's workstation as well as being synced to the cloud. OneDrive is a suitable location for data that does not need to be shared with groups. 
  • Department shared drives: Some departments on campus have access to shared drives on an internally hosted file server that can be mapped to a staff member's workstation. The primary purpose of these shared drives is the long-term storage of Restricted Data that might have large amounts of PII or financial information. Internal Data, such as documents without PII or financial information, should be placed on department Teams Sites.
  • Department/Project Teams Sites: Teams is the preferred location for all Internal Data at Hancock College. Teams for each department are managed by the department head. Special purpose Teams can be created ad hoc for projects that span across multiple departments. 
  • Committee SharePoint sites: SharePoint is similar in functionality to Teams, but is mostly used for the sharing of documents for Committees. 
  • Banner: Most Hancock College information about students, staff and courses is located within Banner. Nearly all input of Banner data is done through Banner Admin Pages or Banner Self Service.
  • Other Third Party Services: Services like Canvas, Starfish, Astra, AIM and DynamicForms are approved vendors that are allowed to manage Hancock College Internal and Restricted Data. Typically, the Hancock College data transfer is handled by ITS. Any reports or output from these services must be downloaded to the approved locations listed above.

Invalid storage options include services that Hancock College does not support, including Google Apps and Drive, Dropbox, and iCloud. Hancock College has services (mostly inside Microsoft's M365 suite) that can match the features of the other third party services mentioned. If there is a use case where there is not an appropriate service available, please use the general ITS help request.

Restricted Data (data with personally identifiable information or financial information) should never be put on removable media (USB thumb drives) without explicit permission from ITS Information Security. Loss or theft of a device with Restricted Data is a large risk for the institution.

Data Retention

Once data has been consumed and is no longer needed, it should be securely deleted. Each department is responsible for governing the retention periods of its data. ITS Information Security will be meeting with departments to help create data retention policies.

Workstations that are no longer needed should be returned to ITS where any data on the device will be securely removed. 

Data Best Practices

Reporting Mishandled Data

Should a staff member find that Internal or Restricted Data is being stored in an improper location or is available to those who should not have access, report it to Hancock College Information Security.

 

Clean Out Temporary Storage

Many users will place files on their desktop or in the Downloads folder for easy access. Take some time each month to clean up any old data. Files that are no longer needed should be deleted. Files that still have a use should be moved to longer-term storage. Click to get a monthly calendar reminder to clean up your temporary storage locations.

 

Email Links not Files

Staff members who find themselves sending email attachments with Restricted Data should reconsider the practice and share a link to the file on OneDrive instead. This can be done in a few steps.

  1. Save the file to a location in the workstation's OneDrive folder. Often this can be found by typing "OneDrive - Allan Hancock College" in the File Explorer address bar.
  2. Right click on the file and select "Share" (or "OneDrive > Share" on Windows 11 PCs).
  3. Type in the email addresses of the users to share the file with, add a message and click "Send".

 

Details

Article ID: 154488
Created: Mon 9/25/23 2:05 PM
Modified: Wed 12/6/23 5:01 PM