602: Protecting Information Stored on Paper
Information Security Policies & Procedures Manual
Section 600: Physical and Environmental Security
Paper documents that include Protected Information or Sensitive Information such as social security numbers, student education records, an individual's medical information, benefits, compensation, loan, or financial aid data, and faculty and staff evaluations are to be secured during printing, transmission (including by fax), storage, and disposal.
University employee and supervisor responsibilities include:
Do not leave paper documents containing Protected Information or Sensitive Information unattended; protect them from the view of passers-by or office visitors.
Store paper documents containing Protected Information or Sensitive Information in locked files.
Store paper documents that contain information that is critical to the conduct of University business in fireproof file cabinets. Keep copies in an alternate location.
Do not leave the keys to file drawers containing Protected Information or Sensitive Information in unlocked desk drawers or other areas accessible to unauthorized personnel.
All records are subject to OUS records retention policies and should be only be disposed of in accordance with the retention schedule defined within those policies. More information can be found at http://osulibrary.oregonstate.edu/archives/schedule/ . Once the retention schedule has been met, shred confidential paper documents and secure such documents until shredding occurs. If using the University pulping service, ensure that the pulping bin is locked and that it is accessed only by individuals identified by Business Services as those who are responsible for picking up pulping bins and who will be attentive to the confidentiality requirements.
- Make arrangements to retrieve or secure documents containing Protected Information or Sensitive Information immediately that are printed on copy machines, fax machines, and printers. If at all possible, documents containing Protected Information should not be sent by fax. Those documents should be sent via a trusted courier service and secured in transit as per OSU ISM 601-03.
- Double-check fax messages containing Sensitive Information:
- Recheck the recipient's number before you hit 'start.'
- Verify the security arrangements for a fax's receipt prior to sending.
- Verify that you are the intended recipient of faxes received on your machine.