search the site
Once you have determined the business necessity for using and storing sensitive data, you should review the specifics of how and where the data is collected and stored.
When reviewing your data storage and collection processes, be as specific as possible. The greater the specificity, the more likely data will be properly secured. In order to do so, ask yourself the following:
- What kinds of sensitive data do we need to store?
- How many records will we be using?
- On what systems will the data be stored?
- Who needs access to systems that contain sensitive data?
- How do we collect sensitive data? (web forms, email, paper forms, etc.)
- How do we transport/transmit the data? (e.g. Are data stored on tape or CD, are they being transmitted over NYU-NET? Over the Internet? On paper?)
You should document the places where data is stored and collected as well as keep the documentation up to date. Then, follow the procedures in step 3 to secure the systems and data that are involved in these processes.
Page last reviewed: May 20, 2011