Data Location: Media

  • Mailing physical media

    Use appropriately secure means when transferring physical media containing information. Track transfers to confirm that they reached the intended recipient.

  • Secure deletion

    When information is no longer required, securely delete it by means that make it impossible to reconstruct the records.

  • Data minimization

    Limit the storage and collection of data at this risk level to that which is necessary to accomplish the legitimate purpose for which it is collected.

  • Secure destruction

    Destroy devices and media that are no longer needed in such a way that no information can be recovered.

  • Data Retention

    Observe applicable data retention policies upon project completion. Securely delete the information if possible. If you must retain a copy of information at this level, ensure that it remains secure.

  • Anonymize information

    Anonymize information whenever possible and separate access to identified and de-identified data sets. For physical media, store identified information in a separate locked file cabinet.

  • HIPAA or PHI

    If you handle Protected Health Information (PHI) or Individually Identifiable Health Information, there may be additional tasks to complete. Please contact infoprotect@mit.edu.

  • Payment processing

    If you are accepting credit card payments, you may need to complete additional tasks. Please contact infoprotect@mit.edu.

  • Sponsored research

    If you have received data as part of a sponsored research project, and your contract includes clauses on data security, there may be additional tasks. Please contact infoprotect@mit.edu.

  • Annual Review

    Contact security@mit.edu for an annual review to verify that all security tasks are working properly.