Powered by the KU IT Security Office

Protecting KU Data

At KU, security is a shared responsibility. During the course of your day at KU, you access many types of information, some of it sensitive and/or confidential. To maintain privacy and data security at KU, you are required to handle data and information properly.

This includes:

  • Understanding what type of data is sensitive
  • Following proper handling procedures to maintain privacy
  • Keeping physical areas secure
  • Protecting mobile devices that are easily lost or stolen

KU Data Classification Policy Levels

The KU Data Classification and Handling Policy details three levels of data and the security protections required for the handling of data at each level. All KU employees are responsible for classifying and handling data according to the policy. Below is an excerpt from the policy describing three data classification levels. Please read the full policy at KU Data Classification and Handling Policy.

Level I – Confidential Information Protection – Stop! Special care is required

High risk of significant financial loss, legal liability, public distrust or harm if this data is disclosed.

Examples of Level I Data:

  • Data protected by HIPAA (health information)
  • Data protected by FERPA
    • (Student information including grades, exams, rosters, official correspondence, financial aid, scholarship records, etc.)
  • Personally Identifiable Information (PII)
  • Individually identifiable information created and collected by research projects
  • Data subject to other federal or state confidentiality laws
  • Personnel data

Level II – Sensitive Information Protection: Be Very Cautious

Moderate requirement for confidentiality and/or moderate or limited risk of financial loss, legal liability, public distrust or harm if this data is disclosed.

Level III – Public Information Protection: Proceed with Awareness

Low requirement for confidentiality (information is public) and/or low or insignificant risk of financial loss, legal liability, public distrust or harm if this data is disclosed.


Proper Handling of Sensitive Data

Help maintain privacy by doing the following:

  • Adopt a clean desk and clear screen policy
  • Lock your screen when you step away from your desk
  • Set your the timeout for your screen at 10 minutes or less
  • Don't retain un-needed data (electronic or paper)
  • Destroy sensitive data in the proper way:

What to Do if You Find Improperly Stored Data?

For Electronic Records:
Immediately contact the KU IT Security Office at itsec@ku.edu or 785-864-9003.

For Paper Records:
Immediately contact the KU Office of Institutional Compliance at 785-864-6204 or email jchasen@ku.edu.


Maintaining Physical Security

To maintain the privacy and security of KU information, it is important to maintain security in the physical spaces where data, information and computer equipment are stored.

Remember to always:

  • Lock exterior and inter-office doors during non-work hours.
  • Close and lock windows during non-work hours.
  • Do not let unknown individuals into secure or private areas.
  • Be aware of people attempting to follow you into secure or private areas, known as "tailgating."
  • Avoid using secondary exits unless necessary and, make sure the door locks behind you.
  • Keep paper documents containing sensitive information in locked cabinets and keep accurate records of who has keys.

What to Do if You See an Unknown Individual in a Secure or Private Area

Politely ask for identification. If you observe activity that poses a direct threat to the life or safety of any individual, immediately contact the KU Public Safety Office at 911 or call 785-864-5900.


Best Practices for the Security of Mobile Devices

Mobile devices include laptops, tablets, smartphones and removable storage devices (e.g., thumb drives, external hard drives). Smartphones and tablets are incredibly powerful computers that are just as susceptible to security issues and malicious attacks as desktop and laptop computers. Mobile devices create an even greater danger because they are easily lost or stolen.

See Mobile Security tips and best practices to help improve mobile device security.


Complete Your Annual KU IT Security Awareness Training

All KU faculty and staff are required annually to complete the IT Security Awareness Training Course » in KU's Talent Development System.

Take the course: IT Security Awareness Training Course »


Is Your Department Subject to Red Flag Rules?

Red flag rules are used to detect and deter identity theft. Check with your department to see if it is subject to red flag rules and complete any required training.


What Constitutes a Security Breach?

"Security breach" is the unauthorized access to a system, device, application or data by circumventing security policies, practices, procedures or mechanisms.

State of Kansas Statute: Article 7a - PROTECTION OF CONSUMER INFORMATION »


KU Research Security Support

Many KU researchers engage in research that involves the collection or use of identifiable private information. Federal law and KU policy provide specific guidance for protecting identifiable research information.

The IT Research Support Team and KU Information Technology, in partnership with the Office of Research, offer specialized services to meet the needs of KU researchers, including security-related support, Research File Storage, access to the Advanced Computing Facility, and research websites.

See Research Security Support for information and resources.


KU IT on Twitter  KU IT on Facebook  KU IT on Instagram  KU Information Technology Home

Report a Security Incident

Security Awareness Tip of the Day (SANS)
Technology Help

Call KU IT Customer Support

785-864-8080
Phone support

Email KU IT Customer Support

itcsc@ku.edu
Support via Email

Faculty/Staff Support

Faculty/Staff Support
Technology Support Centers

KU IT Knowledge Base

Knowledge Base
FAQs & More

Virtual Service Desk

Submit Help Ticket
Online Help

Call KU IT Customer Support

913-626-9619
Phone support

Email KU IT Customer Support

kuec_support@ku.edu
Support via Email

KU IT Knowledge Base

Knowledge Base
FAQs & More

Request Edwards IT Support

Request Edwards IT Support
Online Help

Comments or ideas on how we can serve you better? Send us your feedback!

KU Today