In the computer security field, confidential data is informally referred to as ‘toxic’. This is data that, if it falls into the wrong hands, could cause harm. Toxic data includes social security numbers, driver’s license numbers, patient health information, credit card numbers, student records, and other data protected either by state or federal law. Data is toxic because it could be used to steal from people, or to steal their identity. Toxic data must be properly protected.
Not only is this common sense, it’s also university policy. Policy 07-2 states that confidential information such as this must be stored on password-protected computers and transmitted only in encrypted or password-protected form. What this means is that if you have this kind of data on your electronic device (not just your desktop computer, incidentally, but also your smartphone, your tablet or your laptop) that device should be password-protected (see Proftech on mobile security for suggestions on how to do this for smartphones). And furthermore, you should never send this kind of information by email, because email is not a secure pathway. Email messages are no more secure than postcards.
Two other things you can do:
- Make sure everything you use has a strong password (see this page for some suggestions)
- Use WSU-SECURE to connect your laptop when on campus (and even some smartphones). Instructions here
Another reason to be careful with toxic data: State law requires that specific steps be taken to protect access to social security numbers, and that the entity responsible for releasing them must notify everyone whose data was released. This is an extremely expensive process, and the University can ill-afford this kind of unnecessary expenditure in these harrowing budget times.
So, stay away from toxic data. If you must meddle with it, make sure you keep it safe, both at rest and ‘in motion’. Don’t send it by email, and password-protect any file with toxic data if you are transporting it anywhere.