Calendar A-Z Index School of Arts and Sciences University of Pennsylvania

Penn Policy

Printer-friendly versionPrinter-friendly version

In brief, Penn's policies require every individual who works with sensitive data to share in the responsibility for keeping that data secure. Some important elements of the policies include:

  • Never use SSN's as an identifier unless absolutely necessary. Choose Penn ID number or another alternative if at all possible.
  • If SSN's are necessary, then data containing SSN's must be encrypted at all times.
  • A computer that stores sensitive data is subject to additional security requirements beyond, eg, an administrative workstation.

This is just an overview of some of the policies. If you work with sensitive data, then you need to look at the policies that apply to you in full, to be sure you understand how they affect you and your work. Two policies in particular that have broad application are the Computer Security Policy and the Social Security Number Policy.

For a full list of Penn's Information Security policies, you can consult ISC's Computing Policies and Guidelines.

The Privacy Office website also provides an informative guide to Keeping Penn Data Safe.