Data Privacy Week – topic 5: You store sensitive personally identifiable information where?

The privacy practices of data minimization and storage limitation need to be considered when storing sensitive personally identifiable information (PII). Storage should adhere to documented retention timelines developed after careful consideration by all data stakeholders. For highly sensitive information, such as Social Security numbers, financial details or driver’s license numbers, maintaining a single source of truth is considered best practice. Minimizing duplication and avoiding storage in multiple locations whenever possible reduces risk and strengthens data security.

WSU Policy 19.01 / Acceptable Use provides clear guidelines and outlines specific restrictions regarding the storage of sensitive information, including Social Security numbers and credit card data, to ensure compliance and safeguard this critical information.

Think about your OneDrive or email folders: What types of sensitive information do you have stored in there? Are there any files that contain sensitive PII that you no longer need and can be deleted? This is unfortunately a common place where we find sensitive PII stored unnecessarily “just in case.” Clearing out this information from OneDrive or emails is an easy step towards reducing the risk of having that sensitive information compromised.

For more information visit the WSU Privacy SharePoint Site. For any privacy related questions or concerns, reach out to the privacy officer at privacy@wichita.edu or via phone at 316-978-4447 (4HIP).