Practices

RIT Faculty and Staff Responsibilities

Private Information Management Initiative -- Faculty and Staff Responsibilities

All RIT faculty and staff are expected to follow the Private Information Management Initiative (PIMI) remediation requirements below:

  • Review paper files for Private information.
  • Scan RIT computers with Identity Finder for Private information (if Identity Finder is not available, scanning with an alternative tool or reviewing the computer for Private Information is recommended). The Information Security Office will initiate scans of most computers monthly.
  • Scan or review personal/home computers, portable devices, and media for Private information (e.g. Social Security Number, Bank Account Number, Credit Card Number or Drivers License).
  • Inform your manager in writing if there is a compelling business reason for retaining private information. Promptly secure the information in compliance with the RIT Information Access and Protection Standard.
  • Notify and receive approval from your PIMI Information Steward/Management Representative.
  • If you're unable to remediate the information found within Identity Finder, please redact (securely erase or securely destroy) unnecessary private information.
  • Complete the Digital Self Defense 103 (2009) Information Handling course. (Center for Professional Development, online) *Note: this requirement is waived if he or she does not handle RIT Private or Confidential information.

Additional Requirements for Department Managers

  • Ensure faculty and staff have reviewed paper files and scanned or reviewed electronic files.
  • Ensure faculty and staff have redacted, securely erased or securely destroyed unnecessary Private information (e.g. Social Security Number, Bank Account Number, Credit Card Number or Drivers License).
  • Receive authorization to retain any Private information from the Divisional VP/Information Steward/Management Representative and the Information Security Office.
  • Secure the remaining Private Information in compliance with the RIT Information Access and Protection Standard.

 

Network Security Standard

Network Security Standard

The Network Security Standard provides measures to prevent, detect, and correct network compromises. The standard is based on both new practices and best practices currently in use at RIT.

Please consult the checklist or the standard below for a complete list of requirements.

Who does it apply to?

All systems or network administrators managing devices that:

  • Connect to the centrally-managed Institute network infrastructure
  • Process Private or Confidential Information
 

Currently, personal network devices used on the RIT residential network (such as routers, switches, etc.) do not need to meet the Network Security Standard. However, the use of wireless routers is prohibited in residential areas on campus. The use of wired routers is still acceptable. Read and comply with the requirements in the Resnet guide to Using a Router on the RIT Network prior to using them.

See our Wireless Networking page for information on how to access wireless networks at RIT and how to set up and use a wireless network at home.

What do I need to do?

Use the Network Security Checklist to set up your networking device.

Network Security Standard

Network administrators should consult the Technical Resources pages for detailed information, including preferred and prohibited protocols, trespassing banners, etc.

 

Document Destruction

Document Destruction

Updated June 11, 2014

Why Have Document Destruction Activities?

Document Destruction Activities provide a focused opportunity for RIT faculty and staff to archive securely or dispose of paper records that contain private information. Private Information includes financial account numbers, social security numbers, driver’s license numbers and other information that can be used in identity theft. Participation in this activity will enable RIT to secure Private Information that could otherwise be used to facilitate identity theft. Document Destruction Activities are part of the RIT Private Information Management Initiative, but they are managed by your department.  We encourage all departments to schedule Document Destruction Activities.

Why are Document Destruction Activities so important?

With its concentration of student records and private information, Higher Education is often targeted by attackers hoping to harvest private information (e.g. Social Security Number, Bank Account Number, Credit Card Number or Drivers License) for use in identity theft.  In addition, careless storage or loss of records often leads to data breaches that require compliance with various state and federal laws requiring notification of affected consumers. For example, DataLoss DB (http://datalossdb.org/) indicates that almost 25% of breaches have been due to the inadvertent loss of private information, in both paper file and digital formats.  

Participation in Document Destruction Activities will reduce the likelihood for the RIT community to have their personal information fall victim to malicious attacks or loss. This activity will also provide an opportunity for faculty and staff to adhere to the RIT Records Management Policy (C22.0).  Any questions regarding the appropriate retention period can be addressed to the RIT Office of Legal Affairs.

When are my Document Destruction Activities?

Contact your Private Information Management Initiative representative to find out what activities are being planned in your college or division for document destruction.

What do I need to do for my Document Destruction Activities?

It is important that you keep track of any documents that may leave another person susceptible to identity theft attacks.  In preparation for your department’s Document Destruction Activities, please review the files in your office to ensure that you have not retained any private information (e.g. Social Security Number, Bank Account Number, Credit Card Number or Drivers License) that is not critical to your current work. Take this opportunity to review files and dispose of them in accordance with the RIT Records Management Policy (C22.0).

We encourage you to review your files now and dispose of those containing Private Information securely. Ensure that any RIT files in your home do not contain any private information.

How do I dispose of portable media and paper documents containing Private Information securely?

Visit our Information Disposal page for recommendations.

What if I have questions?

Contact your division or college's PIMI representative

Subscribe to RSS - Practices