Secure File Archiving

Storing sensitive data such as Social Security numbers brings with it the obligation to ensure that the data is stored securely. The burden of doing so should give one pause to consider "is it really worth it to keep this information around?" If your job responsibilities include maintaining SSNs, read through the following material and recommendations.

Planning

• Inform your supervisor and unit business manager.
• Discuss whether the information should be provided to the University Archives or destroyed.
• Never email files containing sensitive or personal data. Use CITES NetFiles or other secure transfer methods.
• Consult with the IT Professionals that support your unit for information on how to secure the data.
• Inform the IT Professionals that support your unit as to where the sensitive data is stored (and feel free to contact the campus Security Office at securitysupport@uiuc.edu for consultation or advice).
• Although the SSN Elimination Program focuses only on electronic files, consider shredding unneeded paper documents as well.
• Destroy unnecessary backups.

Execution

• Do not maintain convenience copies of sensitive data.
• Delete or encrypt sensitive files stored on USB keyfob devices.
• Password protect MS Office files - this protection is considered weak but is still better than leaving them unprotected.
• Learn to use the file encryption tools built into Apple's OS X and Microsoft Windows.
• Transfer files with sensitive data to CDs or DVDs and store these in a locked cabinet or safe (which is also where you should store printed material containing SSNs or other sensitive data).