The University of Arizona
Home » Projects & Initiatives » Personal Info Sweep

Step 3 - Secure Personal Information

If you can’t delete the file, secure the personal information.

Personal information should be retained only if you have a business need to store personal information. If you can obtain the personal information from the official source when you need it instead of keeping it yourself, dispose of it.

Select from the following options:

  • Option 1: Transfer personal information to a CD, DVD or flash drive and physically secure it
  • Option 2: Separate the number from the associated name
  • Option 3: Truncate the number to the last four digits
  • Option 4: Replace all but the last four digits of the number with filler X's
  • Option 5: Encrypt personal information

NOTE: As of Fall 2008, SID numbers that are the same as SSNs are no longer in use. If you must store lists or reports with SID numbers from earlier semesters during the record retention period, be sure to secure them with one of these options.

Option 1: Transfer files with personal information to a CD, DVD or flash drive and physically secure it 

Write files containing personal information to a CD, DVD or flash drive and secure it behind a locked door or in a locked file cabinet.  Ask local IT staff whether your unit has an archiving procedure.

Delete files from your computer, then empty the computer trash folder or recycle bin. See the File Deletion Guideline for information on secure file deletion.

Additional rules apply to information relating to payment cards your unit accepts in payment for goods or services.

Option 2: Separate the number from the associated name

Delete the first name or initial, or the number of the personal information. In a spreadsheet, highlight the column with the names or numbers you want to remove and delete it.

Option 3: Truncate the number to the last four digits

Delete all but the last four digits of the number.

Option 4: Replace all but the last four digits of the number with filler X's

Option 5: Encrypt personal information

If you cannot find any other alternative to storing personal information and you have a business need for it, encrypt it.  Encryption is an effective way to protect files, especially from being opened and viewed on a hacked or stolen computer. Refer to the Encryption Guideline for recommended tools and procedures. You should coordinate encryption measures with your IT staff.

Encryption carries several risks. Encrypted information may not be recoverable if your computer’s hard drive fails. Consistent back-up practices are highly recommended. 

To read an encrypted file, you must have access to a secret key—or password—that enables you to decrypt it. Some encryption methods carry the risk of permanent loss of information if the key is lost. USE WITH GREAT CARE. Deliver encryption keys to your supervisor or a person designated to retain them.

Step 4 – Install Cornell Spider