Handling Restricted Data

Many university employees collect, manage, and handle Highly Restricted and Restricted data in the course of performing their duties. Sensitive information can take many forms including employees’ personal data, students’ academic records, financial records, health records, and other personally identifiable information.

For more information on Restricted and Highly Restricted Data, see Policy 4-008.1.

The safety of your personal and university information is a shared responsibility. Please follow these acceptable and secure practices:

Sending and Receiving Restricted Data Online

  • Highly Restricted data must never be sent via email, or stored, without encryption protections
  • Use UCFID, aka emplID, for interoffice communication. Communicating parties, given that they have authority to access Highly Restricted or Restricted data, can obtain the needed information using the UCFID from the HR or Student systems.
    • Do not store Highly Restricted data on mobile devices, such as laptops, tables, flash drives, etc.
    • Do not store Highly Restricted data on remote cloud storage solutions unless they are sanctioned by the university, or at home.
  • Use wired connections to access Restricted data
  • When you are on an insecure wireless network, always use the UCF VPN to remotely access Highly Restricted or Restricted data

Sharing Restricted Data

  • Avoid sharing highly Restricted data with individuals who are not authorized to access it. This includes unauthorized/untrained staff and non-work related disclosures.
  • Follow the guidelines in Policy 4-008.1

Electronic Copies of Restricted Data

  • Store Highly Restricted data only on a UCF secured server
    • You may store Restricted data, not Highly Restricted, on university provided workstation, laptops, tables, etc.
  • Know the protection requirements for the types of data you come into contact with. Consult with the information’s custodian (e.g., Registrar, Human Resources, etc.)
  • Only data intended for the immediate task at hand should be downloaded via Reporting Database Service (RDS), PeopleSoft, or through any other means.
    • Highly Restricted data must not be stored on office workstations without encryption

Hard Copies of Restricted Data

  • Store sensitive documents, or media, containing Highly Restricted data in a safe location, such as a locked file cabinet or drawer.
    • Label your documents indicating the sensitivity of the document
    • Never leave Highly Restricted or Restricted data in plain view (e.g. on a desk, copier, fax)
  • Properly dispose of any sensitive documents, or media, that are no longer needed or being used. (e.g., cross shred papers, CDs)

Request further information or send your feedback to infosec@ucf.edu.