It's important to understand the types of data you handle to ensure you are keeping it safe. Your job may require you to handle private information related to students, employees, alumni, donors, research sponsors, patients and others. This material can carry personally identifiable information such as social security numbers, credit card information, educational records and health information.

When handling private information, consider these actions:

• Ensure there is a true business need for collecting personal information.
• Only request the minimum information required. Do not collect additional information that you “might” need in the future.
• Inform the individual why you need the information and how it will be used. If the information will be handled by a third-party, clearly disclose that, too.
• Follow CU security standards and consult with the Office of Information Security to properly secure personal information. Most notably, limit access to personal information to only those who need to know.
• Have a data retention plan that includes a schedule to delete personal information when it is no longer needed and ensure information is cleaned up according to that plan.
• Be aware of any regulatory or contractual requirements regarding privacy and security. Be sure you know your obligations and come up with processes to meet them. This may mean meeting specific security standards, minimum/maximum data retention requirements or other required steps.
• Know how you will handle privacy related questions and requests. Email privacy@cu.edu for assistance and to connect with others at CU who can help with any privacy concerns.