Security :: Data Protection Best Practices

Everyone at Humboldt State University is required to follow certain basic guidelines to support the protection of confidential information:

  1. Access will not be granted to sensitive information on the University's central servers unless a current, appropriate Confidentiality Statement form is on file with Human Resources. Additional authorization may be requested, depending on the type of information and any further requirements as defined in the CSU Responsible Use Policy.
  2. Computers used to access sensitive information, whether that information is stored locally or remotely, must be configured to use password-protected screen savers and have automatic login disabled.
  3. Every member of the University has an obligation to protect their own privacy as well as the privacy of those for whom they have responsibility on campus. The following code of practice should be followed by all computer users, regardless of status or role with the University:
    • Install antivirus software and keep it up to date. 
    • Never open an email attachment unless it is from a known source and is expected.
    • Never click on a link in an email, even if it appears to come from a known individual. Instead, copy and paste the link into your browser.
    • Never provide confidential information in response to an email request. The government, banks, HSU, eBay, Facebook, and other well-known entities will never ask for usernames and passwords by email. When in doubt, telephone the sender using an externally-verified number, not any number provided in the email, for clarification.
  4. Computer monitors that may display sensitive information should be positioned so that the information cannot be read by unauthorized viewers. Alternatively, a privacy guard can be used to protect the screen from unauthorized viewing.
  5. Anyone with personally-identifiable or other confidential information stored on their systems, or on systems under their direction, must store and manage that information as required by HSU's protected information standards.
  6. Any digital or hard-copy media (paper, CDs/DVDs, smartphones, USB drives, etc.) that contain unencrypted, non-password-protected sensitive information must be stored in a secure location. File cabinets and drawers containing such media must be locked when not in use and access to the keys restricted and controlled. Spaces holding such cabinets and drawers must be locked when the space is not occupied.
  7. University units that maintain their own personnel files and files containing other sensitive information should store those files in a secure location. When files containing sensitive information (such as student performance records kept by a faculty member in the faculty member's office) are in use, they may be retained in individual offices if the practices described here are followed.
  8. Never leave files containing confidential information in an open area of the office, such as on top of a desk or credenza. Such files should be kept in a locked drawer whenever they are not actively being used.
  9. Lock the office door whenever the office is unoccupied.
  10. Every office is required to have in place procedures for the secure destruction of media containing sensitive information when no longer needed.

If you have questions about any of these guidelines, please contact the Campus Information Security Officer at (707) 826-3815 or send email to