Classifying Sensitive Data
Keeping sensitive data safe from inappropriate access and disclosure is of the utmost importance. Ohio University has policies, procedures, and standards in place to protect sensitive data. It is the responsibility of everyone handling sensitive data at Ohio University to be familiar with these policies, procedures, and standards. In addition to this, it's important to know what steps are needed to protect this data. For more in-depth information on identifying the sensitivity of various data types, view our Data Classification Table (PDF).
Tips for finding sensitive data
Today, it's easy to store thousands of files without a second thought. It's not uncommon to have files that go back several years. Due to this, it can be challenging to locate sensitive information hiding among large amounts of files and file types.
- Spreadsheets may have "hidden" columns, rows, or cells that may contain covered data, but not be visible on first opening of the file.
- Be sure to review potential locations for covered data in email files, including archived files you may have kept on your computer.
- Use a scanning tool to locate and act upon files containing sensitive information.
Ohio University has a site license for a scanning tool called Spirion (formerly Identity Finder) available for departments to use. This tool makes it easy to find long forgotten examples of sensitive data, and provides options for mitigating the risk of the data as well.
These tools are not without flaws, so keep in mind:
- All scanning tools will generate false positives. This means that what it identifies as sensitive data, like a Social Security number, may not actually be that (a serial number, for example).
- Numbers you can't see and are part of the embedded computing instructions within a document.
- No scanning tool covers all information that may be sensitive.
- No scanning tool covers all types of files.