
It is important that you handle Restricted information with the greatest of care and for legitimate business purposes only. Restricted information is afforded special protections in addition to the provisions within University policies and is governed by state and federal law.
Summary: Handling Restricted Information
Store (Data at Rest) | Information must be secured* |
---|---|
Share (Data in Transit) | Information must be secured* |
Access | Device must be password-protected |
Physical (Hard) Copies | Identification: Mark documents as “Restricted”; Protection: Store documents in locked locations. Place printers and FAX machines in locked areas. |
* Solutions to properly secure Restricted information include: encryption, access controls, multi-factor authentication, and network isolation. Per the PCI-DSS standards, ALL credit card information in the Princeton cardholder data environment (CDE) will be encrypted in transit and at rest.
Have Questions? Suspect a Compromise?
If you suspect that Restricted information may have been compromised, report your concern to the Service Desk immediately. State and Federal laws require that unauthorized access to certain Restricted information must be reported to the appropriate agency or agencies. All reporting of this nature must be done by or in consultation with the Office of the General Counsel. The Service Desk is also available to assist with any questions concerning the proper classification of Princeton information.
Always Restricted:
- Social security numbers
- Bank account numbers
- Driver’s license numbers
- State identity card numbers
- Credit card numbers
- Protected health information (as defined by HIPAA)