University Internal Audit

Audit Alerts

Share |

Cleaning Tips to Keep Personal Data Safe

Article published on Privacy Rights Clearinghouse website.

1.  Don't toss documents.  Shred or incinerate them.  The saying "one person's trash is another person's treasure" rings especially true for identity thieves.  Fraudsters look for any documents containing Social Security numbers, financial account numbers, your driver's license number and health insurance account information.  Savvy criminals will dig through your trash, hunting for data that can be used to steal your identity.  Always use a cross-cut, diamond-cut or confetti-cut shredder.  Unlike strip-cut models in which the pieces can potentially be put back together, these shredders will produce much smaller pieces.

2.  Consider a shredding facility.  If you have a large amount of shredding and are not able to handle it at home, consider taking it to a shredding facility that guarantees and certifies that your documents are fully destroyed.  If you have a large amount of papers to destroy (this can occur for example, when an elderly family member passes and the family must dispose of decades of documents), there are services that will send a shredding truck to your home.  Fees are charged for both types of services.

3.  Keep sensitive documents under lock and key.  "Old fashioned" physical security still has a place by discouraging opportunistic thieves.  Centralize sensitive paperwork and invest in a locked filing cabinet.  Or you can simply take advantage of a locking desk drawer.  Another option is to scan documents and save them securely.

4.  Physically destroy old flash drives.  Flash drives are different than hard drives.  A 2010 study by the University of California, San Diego found that applying hard drive data sanitization methods to flash drives was unreliable.  Open the drive and smash the circuit board and chips.  Read Campus Technology's How and Why to Destroy Old Flash Drives for detailed instructions.

5.  Wipe old computer hard drives.  Often, computer files continue to exist on the hard drive, even after you've deleted them using keyboard and mouse commands.  Use specialized software such as Eraser to remove specific files.  To delete an entire hard drive's data, use software like Darik's Boot and Nuke.

Before recycling or selling your old computer, make sure you've successfully destroyed all personal data.  You may be better off physically destroying the hard drive and taking the computer and destroyed drive to an electronics recycling center.  For more details, read Popular Mechanics: How to Absolutely, Positively Destroy Your Data.

Do not toss any digital devices into your trash bin and don't take them to the municipal waste center.  By taking both intact and destroyed digital devices to an electronics recycling center, you are ensuring proper disposal regarding both your privacy and environmental protection.

6.  Wipe data from cell phones.  Cell phones are like computers in that deleting data using the user menus may not truly delete it from the hardware.  Always wipe your phone by deleting the data using menu settings and then performing a factory reset.  Every phone has a different process, so check the phone's manual to restore the phone to its factory setting or search YouTube for an instructional video.  According to PCWorld, no wipe solution is perfect.  The only way to guarantee old cell phone data is gone for good is to take the phone apart and physically destroy the memory chip.

If you're wondering what to do with your wiped phone, we recommend donating it to a nonprofit that provides used cell phones to soldiers, domestic violence victims and others.  Unless the phone is truly a relic, there are many who would appreciate the donation.

7.  Erase the hard drive on unwanted digital copiers.  Nearly every digital photocopier since 2002 contains a hard drive.  The hard drive stores an image of each document processed by the machine.  Check your machine's manual for instructions on how to clear the data from the hard drive before getting rid of the copier.

8.  CDs and DVDs should be physically destroyed by breaking them into many pieces.  A pair of Wiss Tin Snips (scissors that can cut through tougher materials) will help you easily cut your CDs and DVDs into four or more pieces.  Some shredders can do this too.  If you are destroying older media such as floppy disks and tapes, remove the film and cut it into small pieces.

9.  Know the law when disposing of business documents.  If you work from home or operate a small business out of your home, data destruction should be especially rigorous.  There may even be industry standards and federal and state laws that you must comply with regarding proper disposal of business-related documents.  As a small business you certainly don't want the negative publicity that comes with having to notify individuals of a data breach, the law in 46 states.

Keeping your personal data safe at home is important and keeping University records and data safe is every employee's responsibility.

Please refer to the following UMass Policies, Guidelines and Standards for more information about the safeguarding and proper disposal of University devices and records, including paper and electronic data. 

UMass Policies and Guidelines for Data and Computing

Record Retention Policy

Data/Electronic Storage Devices

Please visit the Privacy Rights Clearinghouse website for a full copy of the article.
 

 

The PDF files on this page require the free Adobe Acrobat Reader.

             Ethics & Fraud Hotline
                   774-455-7555

Ethics&FraudHotline@umassp.edu

______________________________

THIS SECTION IS UNDER CONSTRUCTION

Ethics & Fraud Awareness