Site Menu
- Safe Computing
- Basics & Essentials
- Beyond the Basics
- Advanced Topics
- Best Practices
- Campus Resources
- Contact Us
- Site Map
What's New?
Download Brochures & Handouts
Instructions for encryption, guides, handouts, posters, and brochures are all available for download.
Hot Topics
- Phishing
- Encrypting Stored Data
- University Security Standards (UCSS)
- Locate SSN or Credit Card Numbers
Incident Response
What is an Incident?
What Constitutes a Personal Data Exposure
Exposure of an individual's name in combination with any of the following constitutes a data breach and may require the university to begin the notification process:
- Social Security numbers
- Banking or Financial account numbers with passwords or PIN numbers
- Driver's license number or state identification card number
- Student educational records including academic performance data, disciplinary records, race or ethnicity, gender, nationality or grades.
Consequences of a Violation
Under the requirements of Ohio Revised Code §1347, an incident that allowed unauthorized individuals to have potential or actual access to student, faculty or staff names coupled with their Social Security numbers requires notification of these individuals. According to the Interim Policy on Disclosure or Exposure of Personal Information, the actual costs associated with the notification will be borne by the department involved with the breach.
The cost of the notification process is not the only consideration when dealing with a personal data exposure. Perhaps of greater consequence is the loss of trust in the university that results from these incidents. Other institutions that have incurred major breaches have reported significant negative effects that include denial of grant applications, loss of donor support and declines in enrollment.
- Remove Social Security numbers - Simply removing Social Security numbers from electronic and paper documents goes a long way toward neutralizing the threat of legal action should those files be exposed. Removing SSNs completely or scrambling the numbers is one effective way to protect student information in the event of a computer theft. Use safe unique identifiers such as a students "name.n" whenever possible and remove protected personal information from documents you intend to store.
Reporting a Security Breach
Individuals wishing to report actual or potential data breaches can either send an e-mail to security@osu.edu, or can call 7-2020 (on-campus) or (614) 247-2020 (off-campus).
