Secure Information Handling

All users are responsible for safeguarding and monitoring sensitive data against unauthorized disclosure, modification, and destruction. Sensitive data may be used only for KCTCS-related business in accordance with its policies and standards. A wide variety of third parties have entrusted their sensitive data to KCTCS for business purposes, and all employees should safeguard the privacy and security of this information.

KCTCS ensures that sensitive data is properly handled, whether being transmitted within the organization or to a trusted external third party. This document provides guidance on how to handle sensitive data, including the physical security requirements and the distribution of sensitive data internally and externally.

Properly Handling Sensitive Data Within Email

There are several secure options for handling Personally Identifiable Information (PII) with those who have a business need for it, on a need-to-know basis. The general breakdown is as follows.

Communicating sensitive information via Email:

Email is not the preferred channel for communicating sensitive information. The KCTCS Information Security team promotes the use of SharePoint and OneDrive to contain sensitive data elements and to control how they are viewed and distributed. SharePoint/OneDrive is an authenticated file and data repository that can be safely and securely accessed, and linked to from within the body of an email. Simply place the sensitive data elements you wish to share in a OneDrive document of your choosing, and share the secure link to that document in the body of your email. Using this approach, the email links to the sensitive data rather than carrying the PII in its body.

Exceptions:

There are cases where a small subset of information must be sent via email, for example in a ticket request or when working with a prospective employee. If you are limited to working within the body of an email and cannot use OneDrive, the option below is a secure means of transmitting that information. This option can be used to send individual Restricted information data types and public directory information types ONLY; it is NOT to be used for CONFIDENTIAL information data types.

Create a new email and be sure to include the appropriate encryption type as seen in the figures below.

This will enforce the following security, wrapped into the email:


  • For Restricted data, the following approach may be taken:
    • A sequence of digits, such as a StudentID/EmplID, IS allowed to be sent IF it is sent in the encrypted email with NO other coupled information.
      • For instance, sending 001234567 in the body of an email without the last or first name included; ONLY the number itself. No other identifying information beyond the number is to be included. In this way, even if the email is improperly routed or forwarded, the ID cannot be traced back to a student or employee.
    • This same principle can be applied to other digit combinations.
  • A StudentID coupled with a name is NOT in alignment with this exception; that would require two separate emails.
    • Sending an email with the Student IDs, followed by a separate email containing the names of those students, is acceptable. Each email still contains only the single identifier and no coupled information.

OneDrive / SharePoint Exceptions:

Viewing sensitive data elements through OneDrive and SharePoint is allowed.

However, SharePoint alerts should not be used to send sensitive information contained in SharePoint, as this would take the sensitive data out of the secure SharePoint container and place it at risk.

Sensitive Data Storage

All documents containing sensitive data should be stored appropriately to reduce the potential for disclosure. Documents should not be easily accessible to unauthorized individuals and any documents containing sensitive information should be placed with identifying information face down on counters and desks. These documents should not be left out on desks or countertops after business hours and should be placed in locked storage bins, locked desk drawers, or other secure areas.

Cardholder Information

Sensitive authentication data should not be stored after authorization, even if encrypted.

The full contents of the magnetic stripe located on the back of a card, or the equivalent data contained on a chip (also called full track, track, track 1, track 2, and magnetic-stripe data), should never be stored. If required for normal business processes, the cardholder's name, primary account number (PAN), expiration date, and service code elements should be securely stored and transmitted according to the standards presented in PCI v3.0.

The card verification code or value (CVV, CID, CVV2), the three-digit or four-digit number printed on the front or back of a payment card and used to verify card-not-present transactions, should not be retained and must be destroyed immediately after the card transaction is processed.

Personal identification numbers (PIN) or the encrypted PIN block should never be stored, written down, or shared with unauthorized individuals.

If cardholder data needs to be retained, the primary account number (PAN) should be rendered unreadable anywhere it is stored, including portable digital media, backup media, and logs. The PAN is expected to be rendered unreadable using one-way hashes based on strong cryptography, truncation, index tokens and pads, or strong cryptography with associated key-management processes and procedures.

Limiting the retention of sensitive data is encouraged across all affected hardware and software solutions that pass or store sensitive information. Data should not be kept any longer than necessary for the purpose it serves.

Sensitive Data Storage on Laptops

In cases where sensitive data is managed or stored on laptops, the information should be encrypted. 

Sensitive Data Destruction

All media containing sensitive data including electronic, hardcopy, photocopy, etc., should be destroyed when it is no longer needed for business or legal reasons.

Electronic Media Destruction

Electronic storage media containing sensitive data, including hard disks, portable drives, tape media, and CDs/DVDs, must be rendered unrecoverable by secure wiping, degaussing, or physical destruction such as grinding or shredding, so that the sensitive data cannot be reconstructed.

Hardcopy Media Destruction

All hardcopy materials containing sensitive data that are generated in the course of copying, printing, or other sensitive information handling should be destroyed by shredding, incineration, or pulping processes so that sensitive data cannot be reconstructed.

Storage Media

Strict controls are in place to limit the accessibility of storage media containing sensitive data. All media containing sensitive data should be distributed in a secure manner, both internally and externally. If it is necessary to remove computer-readable sensitive information from the secure area, the information must be protected with encryption.

All storage media containing sensitive data should be physically secured at all times.

KCTCS applies disk encryption so that sensitive data remains protected when hardware and electronic media are moved into, out of, or within a facility.

If media is not inventoried, it may not be identified as missing in the event it is lost or stolen.

Displaying Sensitive Data

When the PAN must be displayed, it should be masked so that only the first six and last four digits are shown.
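As an added example (not part of the KCTCS policy text), the following Python shows the display masking from this section together with the "rendered unreadable ... including logs" requirement from the Cardholder Information section above: a Luhn check to tell a PAN from other long digit runs, the first-six/last-four display mask, truncation to the last four for storage, a keyed one-way hash for matching without storing the PAN, and a log-line redactor that applies the mask. The log line and key are constructed; 4111111111111111 is a well-known test number, not a real card.

```python
import hashlib
import hmac
import re

# Constructed sample log line; 4111111111111111 is a well-known test PAN, not a real card.
SAMPLE_LOG = ("2024-01-15 10:22:03 checkout ok pan=4111111111111111 "
              "amount=19.99 order=20240115000123")
# Constructed key for the example; real keys come from key management, not source code.
EXAMPLE_KEY = b"example-hmac-key-not-for-production"

def luhn_valid(digits: str) -> bool:
    """Luhn check: separates card numbers from other long digit runs
    (order ids, timestamps) so those are not redacted by mistake."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Display form: first six and last four digits visible, rest masked."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        raise ValueError("not a PAN-length digit string")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def truncate_pan(pan: str) -> str:
    """Storage form when only the last four are needed; the rest is discarded."""
    return pan[-4:]

def hash_pan(pan: str, key: bytes) -> str:
    """Keyed one-way hash (HMAC-SHA256) for matching without storing the PAN.
    An unkeyed hash is weak here: the PAN space is small enough to enumerate."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()

PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")  # digit run not adjacent to other digits

def redact_log_line(line: str) -> str:
    """Replace each Luhn-valid 13-19 digit run with its masked form so a full
    PAN never lands in a log; non-PAN digit runs are left untouched."""
    def _sub(m: re.Match) -> str:
        run = m.group()
        return mask_pan(run) if luhn_valid(run) else run
    return PAN_RE.sub(_sub, line)
```

Run the redactor over log output before it is written, not after: once the full PAN is on disk it is already in scope for the storage rules above.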

Transmission of Sensitive Data

Strong cryptography and security protocols should be used to safeguard sensitive data during transmission over open, public networks. Secure protocols such as SSL/TLS, IPsec, and SSH are the most effective means of transmitting and safeguarding sensitive data.

End-user messaging technologies including e-mail, instant messaging, chat, etc. should never be used to send an unprotected primary account number (PAN).

Safeguards for Documents

All documents containing sensitive data are expected to be stored appropriately to reduce the potential for disclosure. Documents should not be easily accessible to unauthorized individuals, and any documents containing sensitive information should be placed with identifying information face down on counters and desks. These documents should not be left out on desks or countertops after business hours and should be placed in locked storage bins, locked desk drawers, or other secure areas.

When discarding documents containing sensitive data, use a cross-cut shredder or place the document in a locked bin specifically designated as a shredding bin where the documents will be retrieved for shredding.