Protecting Sensitive Data

Cal Poly Corporation follows CSU standards on protecting sensitive data

Cal Poly Corporation and Cal Poly follow CSU protecting sensitive data standards. These standards define how businesses and other entities should handle selected types of personal information.

Protecting Sensitve Personal Data

Protected Sensitive Personal Data includes a person’s name combined with a Social Security number (SSN), a driver’s license, California-issued ID number or a financial account number, including credit and debit card numbers. If protected data is exposed, CPC must notify the affected individual(s).

Knowing Where It Is

We should all pay special attention any time protected data crosses our desks – either on paper or electronically – and we should note when it shows up in areas where it may not be needed for business purposes. The WISP broadly describes roles and responsibilities for managing protected data. For instance, it requires reviews of business processes and systems to understand when protected data is required, who needs to see it, and how long it needs to be retained. If you have a question about why you are seeing protected data, or whether you need to keep it, please talk with your manager or send an e-mail to [email protected].

You Cannot Lose What You Do Not Have

There are three easy ways to reduce risk with respect to personal data:

  1. Avoid collecting protected data unless you know it is required. Provide feedback to those who give you unsolicited protected data.
  2. Redact (obscure or cut out) protected data from paper or electronic files that are no longer needed.
  3. Securely destroy any files that are no longer needed.