As the year continues to zoom by, we find ourselves nearing the end of October already - it is prime spooky season. You may celebrate Halloween and have some decorative ghosts or skeletons at home, but have you considered that there may be some ghosts lurking in your university spaces? DATA RETENTION! Who said that?! DATA CLASSIFICATION! Oh my word! THE SPARCS TEAM IS REACHING OUT TO TELL YOU THAT YOU HAVE SENSITIVE DATA INAPPROPRIATELY STORED! When do the jump scares end?! While we wish we could tell you that they are limited to the spooky season, the SPARCS team works year-round and the need to enhance your data privacy practices doesn’t end. Time to start thinking about whether or not your university Google Drive, OneDrive, or Gmail accounts have some ghosts floating around (they won’t be quite as cute as the one above!)
What is sensitive data?
At the University of Maryland, data is considered sensitive once you reach risk level 3 in our data classification system. Some examples of level 3 data are:
- Social Security Numbers
- Credit Card Numbers
- Passport Numbers
- Drivers License Numbers
- Tax IDs
- Bank Account Numbers
- I-9 Information
- Immigration Documents
- Employment Documents
Level 3 data (and above) are not permitted to be stored or transmitted in Google Drive, Gmail, or OneDrive.
Do I have ghosts?????
Maybe! Some common situations where sensitive information creeps into your university spaces would be:
- If you inherited files from someone else
- If you do your tax returns on your university device (refrain from doing this!)
- If you have previously done reimbursement requests (prior to 2022)
Sometimes things download and end up in places we don’t mean for them to, but familiarizing yourself with the files you have on your device can help limit the presence of these ghosts. If you have sensitive data in any of these places, then you may hear from the SPARCS team regarding it.
So how can I look out for this email?
These emails are sent from sparcs@umd.edu and will have links to an application called BigID. BigID is the tool used by the SPARCS team for scanning data sources (such as Google Drive, Gmail, OneDrive) for these sensitive items. Once the scans are complete, we are provided with the file names and file owners of the flagged items. We then will send out a notification for remediation of the flagged items.
You must complete the remediation process within 60 days, or the files of concern will be removed from your space and will no longer exist. Ghosts, gone! While using BigID to view your items that need to be remediated, you will have the option to mark items as completed or mark them as false matches. Sometimes we are not perfect, and BigID may flag items wrongfully. If you have any questions about this process, please contact sparcs@umd.edu, and copy bmarti12@umd.edu. These are the only two emails that you will receive notifications from regarding sensitive items in your university spaces. If you receive something like this from a different email, do not click on any links and don’t be scared to mark it as phishing or reach out to a trusted IT employee at the university.
Keeping track of all of the files you have can be a scary task, but it is something that you should not hide from. We can promise you that by ignoring these things and then being the victim of a data breach will be far spookier than anything the month of October can bring you. Don’t let the ghosts continue to lurk around, and instead let your spooky season be filled with pumpkin spice lattes, fall foliage, crisp morning air, and apple cider donuts.