A University’s Guide To Secure Recordkeeping
By David Thompson, UniversityHerald Reporter
Universities handle a wide variety of sensitive documents and information concerning students and their families as well as university employees.
Laws and ethical obligations require university administrators to take proactive measures to protect these sensitive documents and information from unauthorized disclosure. This warrants several technical strategies and process controls to allow the legitimate use of student records while protecting them against intruders.
In this post, you'll learn seven recordkeeping tips, such as using smart locks for lockers, to help universities better protect critical data and information. Keep on reading to learn more.
1. Minimize Data Collection
Perhaps one of the most important steps that universities can take to lower the risk of malicious and unintentional access and use of sensitive student records is to reduce the amount of data and information collected from them in the first place. This is an effective recordkeeping security practice known as minimization.
When universities don't collect sensitive information and data elements, there's a lower risk of losing control of that data. For instance, numerous universities collected parents' social security numbers (SSNs) for identification purposes in student registration forms years ago. However, there's no benefit in doing so.
In fact, according to the authorities, parents aren't required to share their SSNs with universities and schools. The risks associated with storing sensitive information are too high and there are no clear benefits. Thus, universities should review what data they're collecting and remove any elements with low relevancy that are not required for a specific, legitimate purpose.
2. Keep Records Locked Up
Did you know that 1 in 5 data breaches involve paper records? Loose student and employee records and documents without any barrier to access can easily get stolen or misplaced.
So, if you want to keep your paper records safe and secure, you need to invest in smart locks for lockers, cabinets, and even the door to your storage room. These locks can be a significant deterrent against prying eyes. Plus, smart locks can help extend the time it takes to actually break into the storage cabinet to copy or take critical documents.
If you're looking for a reliable lock for storage room doors, a hasp lock is your best bet. This lock has high resistance to salt and humidity and has an easy-to-mount system, making it an effective and simple solution for heavy-duty use in a shared environment. Also, this lock features a built-in anti-rotation system to prevent lock circumvention as well as an IP55 design to ensure a long-lasting security system.
If you don't have a secure area on your campus or you have too many files to lock, you should consider hiring an off-site storage facility. Off-site storage allows you to keep your documents organized and safe without taking up space within your university.
3. Limit Document Access
In terms of critical records, not everyone should have access to them. By limiting access to one or two people, student and employee records are safer and less likely to be mishandled. Meanwhile, access can be granted for only a limited time to those who need it.
For instance, your university's registrar department should only have access to student records. Meanwhile, the human resources (HR) department should handle the official workplace records and personal information of instructors, professors, and other university employees.
Be sure to maintain a log book of record access. People who need access to documents should log their name, the time and date of getting access, which records they're accessing, and the purpose. This way, you have a document trail on who accessed what.
4. Have A Labeling System
Misplaced or misfiled records and documents can cost your university money. When an employee has to search for a missing or lost record or reproduce it, that costs time and resources. There's also the chance that the record may be compromised, which can put you on the wrong side of data laws and regulations and leave you paying hefty fines.
So, make sure that you have a consistent and clear labeling system for your records, files, folders, and cabinets. By maintaining a good labeling system, you reduce the chances of losing a record while keeping everything organized and easy to access.
5. Train Registrar And Employees On Proper Records Handling
University registrars and other employees who have access to sensitive records should be trained on how to handle private and proprietary information with care and to respect the confidentiality of the information.
Specifically, you want to train them to:
Protect private and personal information, regardless of the media type for the entire life cycle of that data;
Have a written and signed confidential non-disclosure agreement before disclosing confidential data;
Share confidential records only with those who need to use or know the information;
Promptly report any suspected or actual unauthorized access to records to the administrator or management;
Use highly secured passwords on university accounts; and so on.
6. Implement A Clean Desk And Visiting Policy
Sometimes, registrars and even professors in faculty rooms leave confidential and sensitive records on their desks. Whether the records are left in a file folder or in full view, this makes it easier for cleaning staff, visitors, or other employees to look at and access sensitive information.
Thus, you should consider implementing a clean desk policy, requiring registrars, professors, and other employees to clear their desks of all papers at the end of the day. This ensures that no confidential records or papers are left out on desks, preventing unwanted access or theft.
In addition, you should consider having a strict visitor policy. Where appropriate, visitors to a specific department or room, for instance, faculty rooms, should sign a confidentiality agreement upon arrival. Lastly, visitors should be escorted at all times and should be kept away from key areas where they may easily see or access confidential records.
7. Destroy Records Securely
In general, documents have a retention timeline. Once they go beyond their required retention time, they need to be destroyed properly. But destroying confidential records isn't as easy as crumpling them and throwing them in the trash.
Confidential student records and employee information that you no longer need should be safely destroyed to prevent data theft and tampering. In this case, a paper shredder can remove all traces of personal information.
If you're shredding a lot of records, a shredding service can provide finer shredding to ensure that records are completely unreadable and useless. When you destroy old records, make sure to have proper documentation of the process.
Universities must exercise more discretion and caution to protect their students' and employees' information from unauthorized access and use. Following the abovementioned best practices on recordkeeping security can go a long way towards preserving your institution's reputation and the public's trust in it.