COMMON AUDIT ISSUES
Data Security
It seems the newspapers have been full of stories recently about compromises of personal information maintained by businesses, government and higher education. Before you stop reading, think about the confidential data that is handled by the University, and how it could be misused if stolen. It isn't just credit card information that is subject to theft or misuse. Security of other information is also important:
- a student application contains enough personal data to make identity theft easy,
- a transcript containing personal information could serve as a tool in identity theft,
- copies of checks received in payment for services have the payer's bank account information along with their name and address,
- an employee TER contains their Social Security number, and
- receipts submitted to support travel reimbursement may contain credit card information.
While we're all familiar with the privacy rules in FERPA (student data), other data we may hold falls under the HIPAA security rule (Protected Health Information) or the GLB (Gramm-Leach-Bliley) Act, which covers personal financial data. There are other state and federal regulations covering personal data as well. Not properly protecting the data covered by these statutes and rules can lead to fines and even criminal prosecution.
What to do? Protect it, lock it up, and don't share it with someone unless they need it to perform their job. When it's no longer needed in the office, archive it at the State Records Center where they have adequate security and confidential disposal. If it can be disposed of, shred it, or work with Archives to arrange disposal. Remember, this is confidential personal data. How would you feel about its security if it were your information?
Business Services News - Sept 2005
