Data Privacy

Desktop Data Privacy Exercise

Protecting data to achieve privacy

Data Minimization is the practice of keeping only the data that is essential for personal or business applications on your devices, and it is key to privacy.  At Pepperdine, we must ensure we don't collect more information than we need, and that we appropriately end our access to the information when we're done using it.  To meet predetermined standards to support data privacy, data must be:

  • Adequate
  • Relevant
  • Restricted by its necessary purpose

The best defense against data hackers is having the right information and staying diligent in our practices. Data minimization is not just an annual event.  Actively look for ways to minimize the data you collect and store on a daily basis.  By making data minimization a daily process, we protect each other and are more efficient with our personal and business data. Let's get started:

Know What You Have

The following is a sample list of types of information you may have collected or created.  This is by no means an exhaustive list.
  • Databases
  • Contact Lists
  • Mail Merge files
  • Letters of Reference/Recommendation
  • Applications (Scholarships, Internships, TA, Grad Assistant)
  • Hiring/Vendor Paperwork
  • Grading
  • Alumni Surveys
  • Web tools (Qualtrics/Survey Monkey/Poll Everywhere/Google Forms)
  • Faculty Evaluations
  • Bills/Invoices
  • Bank Statements
To assist you in identifying data on your devices that could be targeted by hackers, the IT department has a digital tool available that will scan your computer to find files that might have credit card or social security numbers.

Know Where It Might Be

Data can be stored in many different places, and many times the same information is stored in multiple locations on our devices, including:
  • Desktop computer
  • Laptop computer
  • Mobile Phone
  • Tablet
  • Flash Drive/CD/Floppy Disk/External Drives
  • Email (web, Outlook, Mail App)
  • Photos
  • Scans

Know What Needs to Be Done

If you need continued data access for an ongoing project, or for information that needs to be stored for a specific period of time, make sure that you secure the data.  We suggest deleting information that is no longer needed.

Secure: Passwords are great for ensuring data that is part of a current project is safe. At Pepperdine, we have passwords on our computer accounts, email, WaveNet, etc. to protect information. We recommend locking your computer if you step away, and that you log out and don't allow web browsers to remember passwords.

Remove: If you no longer need to access data, delete it. This includes shredding or otherwise securely disposing of any hard copies of the data as well. Keeping more information than we need–especially on mobile devices that could get lost, stolen, or otherwise compromised–is an accident waiting to happen.

Encrypt: If you need to archive information that you don't currently need, but will need to access in the future, encrypt it. If you have anything classified as Restricted Data, the University requires that you encrypt it.

Know How to Do It

Now that you've made some notes about what you have, where it might be stored, and an idea of what you should do with it, here are some guides on how to do it:
  • Scan for restricted data: The Sensitive Number Finder (SENF) tool can help you search your computer for credit card and social security numbers. Learn more about it and how to use it here: https://community.pepperdine.edu/it/security/ric/findsenf.htm.
  • Secure your web browser: Having a password automatically entered on a website is a great convenience, but it's also a great security risk. We recommend that you do not allow your web browser to remember passwords, not for University resources, financial institutions, and any online shopping sites. Here is a helpful guide on how to delete any saved passwords: https://www.wikihow.com/Delete-Remembered-Passwords.
  • Electronic disposal: Are you getting rid of an old computer, phone, or other device that might have data on it that needs to be cleared? Ideally, you should have the entire device securely wiped and/or encrypted before disposal. University policy states that any University-owned computer must have this done before disposal. Complete an IT Service Request to arrange to have this done. Seaver Faculty can contact their Tech Liaison, and Grad Campus faculty and staff can contact their tech support personnel.
  • Encryption for University-owned computers: If you store restricted data on your University-owned computer, you must encrypt your computer.
  • Encryption for personally-owned computers: University policy prohibits storing restricted University data on personal computers.  However, if you have personal information on your home computer and would like to secure it using encryption, please review the process for Windowsand Macintosh computers.
  • Deleting Selected Files or Folders: Just deleting old files and folders from your computer is a good first step in data minimization.  For a more thorough process, consider more secure methods:
    • Delete File/Folder: When you delete a file or folder from your computer, it typically moves to the trash or Recycle Bin where it can easily be recovered. It is important that you take the next step to minimize your data.
    • Empty Trash/Recycle Bin: Emptying the trash or recycle bin removes a file from your computer's list of files.  However, the file isn't erased from the hard drive, and file recovery programs may still be able to find and restore it.
    • Securely Wipe: Using a program such as SDelete for Windows or wiping the free space on a Mac is one way to ensure that files are totally unrecoverable, if you have an old-style spinning hard drive.  If your computer has an SSD drive or other flash storage drive, the only way to securely prevent access is to encrypt it.
  • Mobile Devices (phones, tablets, PDAs, etc.): Make sure you check your photos, downloads, and connected cloud storage (Google Drive, One Drive, Drop Box, etc.) to ensure that you aren't storing any unneeded files.
  • Hard Copies: Shred or otherwise destroy any hard copies of data you no longer need. If you do need to store hard copies for archival purposes or if you will need to access the information in the future and can't recreate it, then hard copies should be stored under lock and key.