Georgia Tech’s Security Services / Protected Data Practice
Tips
- Do not store or transfer sensitive data using external / cloud services unless they are already approved for the appropriate data categorization level for the service. If you have a question about whether or not a service is approved for use, please send a message to help@ece.gatech.edu.
- Be careful with email:
  - Make sure that your message is addressed to the appropriate recipient(s) and that each address is a gatech.edu address (not an external one).
  - Be careful when you “reply all” to be sure that everyone on the recipient list is meant to receive the message you are sending.
  - Familiarize yourself with GT Cyber Security’s article on How to Avoid Being Phished.
  - Also remember to review GT Cyber Security’s Phish Bowl page for examples of phishing and legitimate messages that have been submitted to the GT Cyber Security team.
- Mailing lists:
  - If you are a moderator on a mailing list, pay special attention to the content and any attachments of a message before releasing it.
  - The lists should be configured as “moderated, with editor confirmation (moderatedconfirm)” so that all messages going through the list are moderated, including those sent by moderators. In this configuration, the messages will need to be released by the moderator who sent the message, since the other moderators will not be notified that the message needs to be released. Be sure to carefully review your message and any attachments for sensitive data before releasing the message.
Resources
- Data Categorization
- What should I know about Email Data Protections?
- DLP (Data Loss Prevention)
- FERPA Information from the Registrar’s Office
- HIPAA / Medical Records Information from GT Stamps Health Services
- GT Cyber Security Resources
- ITAR / Export Control
- CUI / DFARS
Campus Services
NOT Approved for Sensitive Data
Approved for Category III Data
External / Cloud Approved Services
- Which cloud storage offering should I use?
- Forms/Surveys/RSVPs: Office of Academic Effectiveness Institute Survey Platform: qualtrics.gatech.edu
- Microsoft Teams
- Docusign
- Canvas: canvas.gatech.edu
  - Canvas is a cloud-native, AWS-hosted Learning Management System (LMS) developed by Instructure. Canvas provides a suite of tools for teaching and learning, permitting instructors to manage instructional workflows, communicate class requirements, share documents, manage assignments, assess student performance, distribute grades, and support course collaboration and discussions.
  - Canvas is appropriate for storing institutional data elements classified as Category I – Public, Category II – Internal Use and Category III – Sensitive. Canvas should not be used for storing or sharing Category IV – Highly Sensitive data, HIPAA, ITAR/EAR, or Classified data. For more details on GT/OIT Data Categorization, visit https://security.gatech.edu/DataCategorization. Canvas also has several collaboration and storage integrations, including Box, Dropbox, and OneDrive. Details on the type of data that can be stored in these integrations can be found in the OIT FAQ at https://faq.oit.gatech.edu/content/which-cloud-storage-offering-should-i-use.
Tech Responds to Student Data Disclosure
Last revised on April 29, 2020.