Safeguarding Student Data

Every employee is responsible for protecting institutional data and understanding the laws governing the release of data. We recommend that employees receive personal training on privacy laws and best practices for protecting data at IU before receiving access to restricted data.

Tips for safeguarding student data

  • Don't store data on personal workstations, laptops, or mobile devices without approved safeguards in place (e.g., encryption). No critical data may be accessed on mobile or portable devices without approval from executive management.
  • Know who has access to folders before you save restricted or critical data.
  • Do not store sensitive data in locations that are publicly accessible from the Internet. If you can access it without a password, so can others.
  • Mobile or portable devices even for email use should be password protected.
  • Don't share passwords and make sure to follow IU's passphrase requirements and NEVER save passwords in memory!
  • Encrypt any passwords stored on your computer that access confidential data.
  • Laptops must have encryption installed (e.g., PGP whole disk encryption.)
  • If sensitive data is no longer needed, don't retain it! Know your department's retention and disposal policies.
  • Be on the lookout for phishing scams.
  • Run anti-virus software routinely and alert IT staff if you encounter issues.
  • Do not use unencrypted wireless connections when working with or sending data. VPN and IUAnyWare are secure options.
  • Always transmit confidential data securely. You must not send confidential data in an email, in the body of a message, or in an attachment, unless the data is encrypted.
  • Use slashtmp for critical data or CRES when sharing restricted data with other IU school officials through email.

For more information on protecting data at IU, please visit

Data Security training resources for new employees

What Is Sensitive Data?

Protecting Red Hot Data

Laptop/Mobile Device Requirements

FERPA Tutorial

Privacy Awareness Tutorials

Email Guidelines

Passphrase Guidelines

Peer Mentor Guidelines

Student Worker Guidelines

Reporting Security Incidents

To report an incident, send an email to outlining the incident details. For more information, please visit