Best Practices in Working with Data
Following some of these simple steps helps keep University of Nebraska system data confidential and secure, reduces data security risks and keeps data access to the right personnel and staff.
Using and Storing Data
When using and storing data, the following tips will help keep you in the clear.
- Avoid emailing data.
- Don't work on data with your personal machine.
- When possible, use the reportable views in a warehouse vs. downloading data.
- Work with data teams for naming conventions to ensure your file is the latest and most accurate.
- Never save data on a machine or a USB—always save on a server. This keeps it safe and makes it less likely that you will lose it in case your computer crashes, is stolen, or falls victim to other unfortunate events.
Sending and Sharing Data
Sending and sharing data can quickly put you at risk. These best practices can help minimize issues.
- Again, avoid emailing data.
- Never save data on an unencrypted machine or an unencrypted USB—always save on a server.
- Any publicly shared information should not identify individual students.
- Please reference ITS-05 on how to classify data.
- Date your files and always share the most recent and up-to-date version.
- Limit your recipients. Data leaks and security breaches often start internally. Limiting file access to a ‘need to know’ basis mitigates risk and ensures that confidential documents are only viewed by a select group.
- Think before you send. Before sharing data, consider your rationale. Do you need help with problem-solving? Will another set of eyes make the end result better? If you can’t come up with a concrete reason why someone else needs to see the data, it’s better left unshared.
- The data is not your own—it is the University's. If you need to submit any data outside the organization, please submit a request and the appropriate team will send it securely.
Many vendors utilize University of Nebraska system data, and using a vendor often leads to generating additional data that is then used by the University. Consulting with ITS and EDS before choosing and using a vendor is always a good idea.
- Prior to purchase, check with ITS and Procurement to see if we have an enterprise license or if we have a comparable product that is already purchased. This will help us be fiscally responsible and reduce duplication of services.
- Prior to purchase, please obtain the data retention policy and privacy policies from the vendor. Each vendor will need to produce a document that outlines what they will do with our data which is routed for approval to the General Counsel’s office and ITS.
- An essential question to ask before selecting a vendor: what happens to our data if we sever ties? You don't want your data to be held hostage should you move to a different provider. Find out the answer in advance, not in a contract dispute.
- A best-case vendor scenario will allow you to export all your data (including user account information, logs, customizations and so on) in a standardized format through an automated export function.
Be protective of the University’s data. Some vendors may want to use the University’s data and their contracts will include provisions that grant rights to the vendor to utilize the University’s data, sometimes for no charge. Please ensure that vendor contracts go through the proper contract review.