Bypass navigation bar Search Home

Sign In

Rules for Securing Internal/Confidential Information

 

Choose a topic:

Sharing Information

Never share internal or confidential information with any unauthorized person, within the DCCCD or externally. (Note: An authorized person is one whose individual DCCCD account/password authorizes access; when in doubt, check with your supervisor.)

Return to the top of the page

Storing Information

Never store confidential information on any computer drive (e.g., C: drive) or external storage device (e.g., such as a USB or floppy drive, PDA, removable hard drive, etc.) without the explicit approval of your location Information and Privacy Security Officer (IPSO.) Instead, store it on a secured DCCCD network drive (e.g., U:, P: drives, etc.) that limits access to authorized users only.

If approval has been obtained from your location IPSO to store confidential information on a non-network DCCCD drive for official business purposes, it must be encrypted utilizing an encryption method approved by your location IPSO, and viewing/accessibility must be restricted to only authorized people at all times.

Return to the top of the page

Emailing Information

Never send (or solicit) confidential information via email unless it is transmitted securely as specified below. Otherwise, it can be intercepted and is not secure.

  • Internal email from one DCCCD GroupWise email address to another DCCCD GroupWise email address: Currently, GroupWise is not a secure means of sending email internally to other GroupWise recipients unless the confidential information is sent as an attachment that has been securely encrypted (see below.) (Note: DCCCD is currently pursuing the means to allow confidential information to be sent via GroupWise email within DCCCD.)
  • Email from a DCCCD GroupWise email address to any external email address: when sending confidential information, it must be sent as an attachment that has been securely encrypted (see below.)
  • Securing email attachments: confidential information sent as an attachment must be encrypted utilizing an encryption method approved by your location IPSO.
  • Instant messenger (IM): Never send confidential information via instant messenger.

Return to the top of the page

Faxing Information

If it is necessary to fax internal or confidential information, appropriate precautions must be taken: (Exception: Credit card account numbers must not be solicited or accepted via fax)

  • Use a cover sheet indicating “Internal / Confidential Information Enclosed” and which also includes date and time, sender’s name, authorized recipient’s name, number of pages transmitted, and information regarding verification of receipt.
  • A warning should be placed on the bottom of the fax cover sheet.
    “Important Warning: This message is intended for the use of the person or entity to which it is addressed and may contain information that is privileged and confidential, the disclosure of which is governed by applicable law. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this information is strictly prohibited. If you have received this message by error, please notify us immediately and destroy related message.”
  • Limit the faxing of internal / confidential information to urgent or non-routine situations when mail or other delivery is not feasible.
  • Call ahead to alert the receiver so that they can promptly retrieve the information.
  • Regularly empty the fax tray so internal / confidential information does not remain exposed on the fax machine for long periods of time.
  • Confirm the accuracy of fax numbers. All commonly used fax numbers should be programmed into the fax machine to prevent misdialed numbers.

Return to the top of the page

Viewing Information

  • Never allow internal or confidential information to be viewable/accessible in any format or on any device at work, home, or any public/private place if doing so would allow it to be viewable/accessible by any unauthorized person. (Note: An authorized person is one whose individual DCCCD account/password authorizes access based on a business need to know; when in doubt, check with your supervisor.)
  • Positioning of monitors, use of privacy screens, etc. should be utilized when necessary to prevent the unauthorized viewing of confidential information in publicly accessible areas.

Return to the top of the page

Relating/Overhearing Information

Never allow confidential information (especially credit card numbers or SSNs) to be overheard by unauthorized people (e.g. by repeating confidential information aloud, during conversations, using a speakerphone, etc.).

Return to the top of the page

Physically Securing Information

Keep rooms and file cabinets where confidential information is kept (especially workspaces in public areas) locked in order to restrict access to only authorized people.

Return to the top of the page

Disposal of Internal/Confidential Information

Properly dispose of any internal (if used in combination with other personal identifiable information) or confidential documents and media that are no longer required/needed (e.g., papers, files, CD’s, floppies.) For more information concerning the retention, storage and disposal of information contact the District Service Center (DSC) Records Management Department.

Return to the top of the page

Securing Your Workstation

  • Use the Windows/Novell “Lock Workstation” feature to lock your workstation whenever you leave your workstation unattended. (Note: You can lock your workstation by using the following Windows shortcut: simultaneously press the Windows Logo + L keys. (The Windows logo key on your keyboard is the one that looks like the Windows logo, or a flag; the letter L can be either upper or lower case.) Use your Novell password to unlock your workstation.
  • Workstations in areas open to the public should set up a password protected screensaver that automatically comes on within at least 30 minutes of inactivity.

Return to the top of the page