Highly Sensitive Data Authorization
To store Highly Sensitive Data (HSD) on your computer, you are required to have formal authorization from a Chief Data Steward. Storing HSD on your computer without authorization is a violation of University Policy 1114: Data Stewardship.
Storing HSD on your office or laptop computer adds a risk that this protected data might be lost or stolen. If you are authorized to store HSD on your computer, you must have a protection program, such as encryption, in place to keep the stored data safe.
Before you begin the process of requesting authorization to store HSD, you should consider alternatives to storing the data on a computer. You might not need to store this data on your computer. Storing it and accessing it from a secure network storage system could be one way to meet your business needs. Investigate other options as well, and carefully examine why HSD is needed to perform your job. For more information on HSD locations and justification, see Data Classification and Storage Requirements.
If you truly believe your business need requires you to store highly sensitive data on your office or laptop computer, please submit a completed TDX form located on the Highly Sensitive Data service page.
Securing Highly Sensitive Data
Data in this category requires extraordinary protection because it has the potential to cause severe damage to people or the university if it is lost or accessed by unauthorized persons.
Examples include, but are not limited to:
- Extensive personal information lists (sets of information that form a "complete picture" of a person)
- A file of passwords to other systems
- Police records or medical records
- Formulae for dangerous substances
- Bank account information
- Internal EEO accusations (or other information that would cause great personal reputational damage)
- Crosswalks (lists that match two ID numbers like SSNs and G Numbers)
These are just a sample of the types of data that require extraordinary security measures.
Security at this level is best handled by in-depth consultation with the IT Security Office. Please contact the IT Security Office at 703-993-2906 to arrange a consultation, or complete the TDX form located on the Highly Sensitive Data service page.
Some Warnings About Highly Sensitive Data
No users are permitted to carry or store HSD on any device unless they have been authorized by their Data Steward, per University Policy 1114: Data Stewardship. See Authorization to Store Highly Sensitive Data Procedures.
NIST-certified encryption software must be used to protect HSD on mobile devices. If you have been authorized by your Data Steward to carry or store HSD, contact ITS Support and request encryption.
HSD should not be accessed remotely unless you are using a secure Virtual Private Network (VPN). Instructions for connecting to the VPN are available at Using 2FA with Cisco Secure Client VPN.