As the value of data increases, so does the need to take extra care and precaution to increase data security, especially for sensitive data and files. Many forms of sensitive data exist; some are protected by legal requirements such as those outlined below:
- FERPA: The Family Educational Rights and Privacy Act of 1974 protects the privacy of a student’s education records and allows the student to determine what information should be confidential, and who should have access to that information.
- HIPAA: The Health Insurance Portability and Accountability Act of 1996 ensures the privacy of a patient’s medical records.
- GLBA: The Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act of 1999, contains privacy provisions requiring the protection of a consumer’s financial information.
- PCI/DSS: Payment and Credit Card Industry Data Security Standards were developed by major credit card companies to support the prevention of credit card fraud, hacking and various other security issues. Compliance with the PCI Data Security Standard is required to accept major credit cards for business transactions on campus.
- SSN Protection – Georgia Law (O.C.G.A 10-1-393.8) forbids “publicly posting” or “publicly displaying” individuals’ social security numbers (SSNs). It also forbids transferring SSNs over an unsecured connection, as well as using SSNs to access web sites unless a PIN or password is also required.
The following minimum requirements are established at the School of Social Work to enhance the security of sensitive, critical, and restricted data of our students, employees, donors, and alumni. Please contact the ITS support team (firstname.lastname@example.org) if you have questions and/or need assistance.
- Use UGA’s Sendfile / Secure File service – https://sendfile.uga.edu – to store sensitive files. It provides up to 2GB of storage space with no file expiration. Notify the recipient that you are sending a file and when it is on its way so that necessary precautions can be taken on the receiving end. You must log into Sendfile to access any data saved there.
- UGA’s Remote Access VPN service is the best option for accessing sensitive or restricted data on a UGA system remotely when off campus. Use the VPN service instead of transferring the data to a mobile device or a third-party hosting service such as Dropbox, Google Drive, or OneDrive. For info, see – https://eits.uga.edu/access_and_security/infosec/tools/vpn/#
- Store students’ grades and classroom data on UGA’s eLC system – https://uga.view.usg.edu/. An ArchPass is required to access eLC beginning March 12, 2018. If you must store this data outside of this system, make sure it is encrypted and/or password protected.
Do not use regular UGAmail or Google mail or other personal email accounts to send UGA sensitive data.
UGA sensitive data should not be saved on Dropbox, Google Drive, or OneDrive.