MSU’s Institutional Data Policy (IDP) holds every member of the university community individually responsible for the appropriate use and protection of institutional data, and especially of confidential data, in their possession or control.
A first step to securing institutional data is increasing awareness about institutional data and confidential data.
Confidential data needs to be stored only on a secured server. If you need to access confidential data, connect to the secured MSU server. Don’t store copies of confidential data on laptops, desktops, smartphones, or portable devices (e.g., USB drives).
Don’t access content containing sensitive information on unsecured mobile devices.
Emailing data
Be careful about who you email data to you and how you send it. Avoid sending confidential data electronically.
Only send sensitive information on a need-to-know basis. Don’t send separate types of personally-identifiable data that in combination are confidential (e.g., name and student identification number).
Encrypt sensitive email before sending. The mail.msu.edu system uses the Secure Sockets Layer (SSL) protocol to protect data and authentication while in transit internally. However, traffic and data outside of the msu.edu domain is unencrypted.
Data to keep out of emails
The following things should NEVER be shared through email:
- Social Security numbers
- Passwords
- Credit card numbers
- Bank account numbers
- Driver’s license numbers
- Names, addresses, and phone numbers in conjunction with other personal data
- Health, financial, and student educational record information
Encrypting data
It’s best practice to encrypt and password protect any shared institutional data files containing sensitive data.
There commercial and non-commercial utilities available for encrypting files including:
- 7-Zip (Windows) – Open Source
- Symantec Endpoint Encryption (Windows) – Commercial, trial version available
- WinZip (Windows, MacOS) – Commercial, trial version available
After you have installed encryption software, follow the steps or prompts to encrypt a file before you upload it.