Reducing Your Risk: Handling Stanford Information

Policies and Regulations

Stanford's data protection policies are here to help you: they're in place in order to comply with various federal and state regulations. In case of an unauthorized data breach, not only the University but you personally can be held liable.

Information Privacy and Security Quick Reference Guide

Data Risk Assessments

If you need to use, share, and store High Risk Data, first you should complete a Data Risk Assessment (DRA). The first part of the questionaire will help determine whether you should proceed to a full Data Risk Assessment with the UIT Information Security and University Privacy offices. If so, they will work with you to ensure that you can securely proceed with your necessary work.

Your Computer and Other Devices

If you access Stanford information with any of your devices, even just checking your Stanford email, Stanford's minimum security standards require that device to be protected in the following ways:

Storing Information

Sensitive or regulated Stanford information must be encrypted at all times: in storage and in transit.

Sending & Sharing Securely

Often we need to share information with colleagues at Stanford and elsewhere. To ensure files are transmitted securely, Stanford provides you with a way to send secure email (for text or small files), and a way to share large files of sensitive information.


Research & Security

  • Research and Security: To have your research data security plan reviewed and signed off, or, for help assessing your data needs and creating a solid plan, go here
  • HIPAA Anonymization: Before sharing research data, please review HIPAA Security and Privacy policies here.