Reducing Your Risk: Handling Stanford Information
Policies and Regulations
Stanford's data protection policies are here to help you: they're in place to comply with various federal and state regulations. In case of a data breach, not only the University but you personally can be held liable.
Data Risk Assessments
If you need to use, share, and store High Risk Data, you should first complete a Data Risk Assessment (DRA). The first part of the questionnaire will help determine whether you should proceed to a full Data Risk Assessment with the UIT Information Security and University Privacy offices. If so, they will work with you to ensure that you can securely proceed with your necessary work.
Your Computer and Other Devices
If you access Stanford information with any of your devices, even just checking your Stanford email, Stanford's minimum security standards require that device to be protected in the following ways:
Sensitive or regulated Stanford information must be encrypted at all times: in storage and in transit.
- Secure Storage Options
UIT Secure File Storage Recommendations
Code42 (CrashPlan) and other secure backup options. Code42 CrashPlan is approved for all risk levels of Stanford information, including PHI.
- Protect Portable Information: If you MUST transport sensitive information, use a pre-encrypted USB memory stick or external drive.
Or, instead of carrying the information from place to place, consider sending it securely.
Sending & Sharing Securely
Often we need to share information with colleagues at Stanford and elsewhere. To ensure files are transmitted securely, Stanford provides you with a way to send secure email (for text or small files), and a way to share large files of sensitive information.