Policies for handling sensitive and restricted data

Please view rather than print this information
Current dates can be found at Important Purdue and Departmental Dates

Revised 11/11/15

Data classification

Purdue classifies data into three types: public (e.g., list of courses offered by Purdue), sensitive (e.g., PUID, gender, course roster), and restricted (e.g., grade information, social security number, initial course participation). Public data requires no special handling but both sensitive and restricted data do. This document will focus on the sensitive and restricted data that Department of Mathematics TAs and Limited-Term Lecturers will need to work with as part of their normal duties. http://www.purdue.edu/securePurdue/procedures/dataHandling1.cfm has details about data classification and university policies for handling each data type.

Data storage

All of the sensitive and restricted data you are expected to work with is stored on myPurdue (e.g., course roster) or on commercial websites contracted by Purdue (e.g., Webassign, Loncapa). In either case you must supply a Purdue career account username and password to access the data. It is fine to access the data from your home computer or laptop provided that you do not download the data from the website to your local hard drive or an electronic storage device (e.g., flash drive). If you download sensitive or restricted data to your hard drive, then that sensitive or restricted data is no longer protected behind Purdue authentication. When you need to download sensitive or restricted data (e.g., to print out a course roster, to print out raw grades for archiving in MATH 242 after grades are submitted), then you should download it to your Purdue career account home directory. https://www.itap.purdue.edu/learning/careeraccount/ has information on how to access your career account home directory. Connecting to your Purdue career account home directory takes a short time to set up and most operating systems can create a desktop icon that you can double-click making subsequent connections fast. Since the sensitive or restricted data is stored in your Purdue career account home directory it is again protected behind Purdue authentication.

Data transmission

If you want to transfer sensitive or restricted data to someone else (e.g., give a spreadsheet of final grades to a course coordinator) then you should use Filelocker https://filelocker.purdue.edu/. Filelocker is a secure server where you upload files and then designate who can access those files. Files uploaded to Filelocker expire after one month because the system is designed to transfer files and not store them.

Data

Type

Store

Transmit

Course roster

Sensitive

Purdue-authenticated server

Filelocker

Grades

Restricted

Purdue-authenticated server

Filelocker

 


Using Filelocker to send a file

  1. Log in to Filelocker
  2. Click Upload. Click Browse and Upload. Navigate to the file and confirm. The file will appear in your Uploaded Files list.
  3. Click the file you have just uploaded and then click Share This File.
  4. Enter the Purdue career account name of the person you want to send the file to in the search box and click to confirm the person. Click Share. You can tick the Notify via email box to have Filelocker email the person to notify them you have sent them a file.

Using Filelocker to receive a file

  1. Log in to Filelocker
  2. In the Files Shared with You list click the file you want to download. Click Download This File.
  3. If the file contains sensitive or restricted data, then it should be saved in your Purdue career account home directory. If you have your browser set to save downloaded files in a certain folder (e.g., C:\Users\username\Downloads) then you must transfer the file to your Purdue career account home directory.

Handling printed information

Paper copies of grade sheets, graded quizzes, homework and exams contain sensitive or restricted data and must be handled carefully. Do not let leave them in plain view on your office desk or at home if you have housemates. TAs from other departments and Limited-Term Lecturers should not leave sensitive data in the offices they use since these offices are often kept unlocked.
Sensitive or restricted data should be disposed of securely using the blue disposal bins in the department on floors 4, 6, 7, and 8. Keep in mind that exams must be kept until the end of week 6 of the semester following the semester the exam was given. For more details about handling printed information see http://www.purdue.edu/securePurdue/procedures/dataHandling/printedInfo1.cfm