Data Protection Principles

The key to protecting any important data, whether personal or institutional, is to follow a few basic principles:

Know What You Want to Protect and Where It Resides

Information accumulates over time: old email, bulging file drawers, folders on a shared server, or files on an old hard drive of a standby computer. Some data can be quite old and now long forgotten, making it more likely to contain personally identifiable information (PII), such as social security numbers. Review old files and folders and securely dispose of information no longer needed or archive that which should be saved. Install Identity Finder, a self-scanning tool available to members of the Brown community, to aid in identifying and better managing PII.

When in Doubt, Leave It Out

Besides managing old files, it will save time and future headaches to store only the information needed to perform your Brown or personal business. Keep this adage in mind hen dealing with electronic or paper files to help protect yourself and Brown.

If You Collect It, You Must Protect It

When PII must be available in some form, be a good steward and protect it. Review this website, which contains a wealth of information on how to secure PII in various forms and locations. Elsewhere in this section is information on securely storing data as well as sending and sharing it. The Securing Your Devices section has tips on dealing with malware, keeping your operating system and software current, backing up devices, safe remote access and physical security. Visit Guarding Your Privacy to learn more on how to protect your privacy, phishing and strong passwords.

It's Not SecUre Without U!

No matter how strong Brown's technical defenses may be, each individual is the critical link in providing a secure computing environment. Firewalls may be thick and strong but are no match for someone who gives away a password or allows their networked computer to be compromised by clicking on a bogus link or not keeping their anti-virus up-to-date. Tip: Read about how to spot the phish and malware menaces.

Have a Plan

Whether you manage only your own information and computer, or an entire department's computing environment, it pays to plan ahead. Set a regular schedule for back ups, weeding out unneeded data, updating your software to the latest version and knowing who to contact in the event of a security incident.

Other Resources

Refer to the Policy on the Handling of Brown Restricted Information and its collection of supporting documents listed on the main Computing Policy page for recommendations on securely handling information, whether communicated orally, via email or online, stored on paper or electronically, transmitted via mobile devices, etc.