Revision of Business Practices
In order to eliminate or minimize the use of sensitive data as much as possible, UWSP needed
to revise existing business practices that currently use sensitive data. A primary goal is
for an employee to never again have to share their personally sensitive data once they have
been through the UWSP new hire process. To accomplish that goal, we have revised our electronic
systems and forms by replacing the use of Social Security Number (SSN) with employee or student
identification number.
Business Practices:
Created a new process to replace our current method of gathering personally identifiable
information from new employees.
Created a procedure
whereby employees who need to store sensitive data can request authorization from campus
Data Stewards.
Created an application that allows authorized employees to query sensitive data when
required for payroll, personnel or other business purposes.
Identified and revised major forms and processes (e.g. Personnel Appointment Forms
(PAFs) and Travel Expense Reports
(TERs)) to eliminate the use of sensitive data.
Shared best practices for disposing of and physically protecting non-electronic sensitive
data with all employees in a
Confidentiality Agreement
including:
Shredding non-electronic records containing sensitive data with approved document shredding techniques.
Protecting non-electronic sensitive data in locked vaults, cabinets, etc.