Skip to main content
Pepperdine | Community

Data Privacy

Desktop Data Privacy Exercise

Protecting data to achieve privacy

Data Minimization is the practice of keeping only the data that is essential for personal or business applications on your devices, and it is key to privacy. At Pepperdine, we must ensure we don't collect more information than we need, and that we appropriately end our access to the information when we're done using it. To meet predetermined standards to support data privacy, data must be:

  • Adequate
  • Relevant
  • Restricted by its necessary purpose

The best defense against data hackers is having the right information and staying diligent in our practices. Data minimization is not just an annual event. Actively look for ways to minimize the data you collect and store on a daily basis. By making data minimization a daily process, we protect each other and are more efficient with our personal and business data.

Together, we all share the responsibility of protecting University and personal data from unauthorized access, use, or disclosure.

Data Privacy Day

Data Privacy Day (January 28, 2024) is a global awareness initiative to raise awareness of the importance of data privacy and to promote best practices for protecting personal data.

Information Technology and the Office of Assurance and Advisory Services encourage all supervisors and managers to routinely review the data you and your teams collect, practice data minimalization, and follow best practices. 

Get Started

  Step 1: Know What You Have

The following is a sample list of types of information you may have collected or created. This is by no means an exhaustive list.

  • Databases
  • Contact Lists
  • Mail Merge files
  • Letters of Reference/Recommendation
  • Applications (Scholarships, Internships, TA, Grad Assistant)
  • Hiring/Vendor Paperwork
  • Grading
  • Alumni Surveys
  • Web tools (Qualtrics/Survey Monkey/Poll Everywhere/Google Forms)
  • Faculty Evaluations
  • Bills/Invoices
  • Bank Statements

To assist you in identifying data on your devices that could be targeted by hackers, the IT department has a digital tool available that will scan your computer to find files that might have credit card or social security numbers.

Use SENF Tool
  Step 2: Know Where it Might Be

Data can be stored in many different places, and multiple copies or versions may exist across devices. Think about where data may be stored, such as:

  • Desktop computer
  • Laptop computer
  • Mobile phone
  • Tablet
  • Flash Drive/CD/Floppy Disk/External Drives
  • Cloud storage (Google, Microsoft, etc.)
  • Email (web, Outlook, Mail App)
  • Cameras or photo sites
  • Printer or scanners
  • Paper files

 

  Step 3: Know What Needs to be Done

If you need continued data access for an ongoing project, or for information that needs to be stored for a specific period of time, make sure that you secure the data. We suggest deleting information that is no longer needed.

  • Remove: If you no longer need to access data, delete it. This includes shredding or otherwise securely disposing of any hard copies of the data as well. Keeping more information than we need — especially on mobile devices that could get lost, stolen, or otherwise compromised — is an accident waiting to happen.
  • Secure: Know the classification for your data and apply the right security control. Restricted data — like social security, credit card, and drivers license number; or health treatment/diagnosis records — require approved encryption in storage and transmission. Confidential data — like business and educational records, including email — require a unique password per user to access. We recommend using a passphrase of 12 or more characters as your password because it is stronger and easier to type.
  • Control: Set a locking screensaver that requires a password to unlock; we recommend 15 minutes. If you leave your computer, lock your screen manually. Place a passcode on mobile devices.
  Step 4: Know How to Do It

Now that you've made some notes about what you have, where it might be stored, and an idea of what you should do with it, here are some guides on how to do it:

  • Scan for Restricted data: The Sensitive Number Finder (SENF) tool can help you search your computer for credit card and social security numbers.
  • Secure your web browser: Having a password automatically entered on a website is a great convenience, but it's also a great security risk. We recommend that you do not allow your web browser to remember passwords, not for University resources, financial institutions, and any online shopping sites. Here is a helpful guide on how to delete any saved passwords: https://www.wikihow.com/Delete-Remembered-Passwords.
  • Electronic disposal: Are you getting rid of an old computer, phone, or other device that might have data on it that needs to be cleared? Ideally, you should have the entire device securely wiped and/or encrypted before disposal. University policy states that any University-owned computer must have this done before disposal. Complete an IT Service Request or contact Tech Central at 310.506.4357.
  • Encryption for University-owned computers: If you store restricted data on your University-owned computer, you must encrypt your computer.
  • Encryption for personally-owned computers: University policy prohibits storing restricted University data on personal computers. However, if you have personal information on your home computer and would like to secure it using encryption, please review the process for Windows and Macintosh computers.
  • Deleting Selected Files or Folders: Just deleting old files and folders from your computer is a good first step in data minimization. For a more thorough process, consider more secure methods:
    1. Delete File/Folder: When you delete a file or folder from your computer, it typically moves to the trash or Recycle Bin where it can easily be recovered. It is important that you take the next step to minimize your data.
    2. Empty Trash/Recycle Bin: Emptying the trash or recycle bin removes a file from your computer's list of files.  However, the file isn't erased from the hard drive, and file recovery programs may still be able to find and restore it.
    3. Securely Wipe: Using a program such as SDelete for Windows or wiping the free space on a Mac is one way to ensure that files are totally unrecoverable, if you have an old-style spinning hard drive. If your computer has an SSD drive or other flash storage drive, the only way to securely prevent access is to encrypt it.
  • Mobile Devices (phones, tablets, PDAs, etc.): Make sure you check your photos, downloads, and connected cloud storage (Google Drive, One Drive, Dropbox, etc.) to ensure that you aren't storing any unneeded files.
  • Hard Copies: Shred or otherwise destroy any hard copies of data you no longer need. If you do need to store hard copies for archival purposes or if you will need to access the information in the future and can't recreate it, then hard copies should be stored under lock and key.

 

 

 

Tech Central

Phone: 310.506.4357 (HELP)

Hours: 24 hours a day, 7 days a week, 365 days a year

Technology Service Request Forms

Have A Suggestion for IT?

IT Suggestion Box

Click to share your suggestion, anonymously if preferred, to improve Pepperdine IT.