Keeping Penn info safe and secure online

Technology has made the world flat, with information transmitted in less than a second, business conducted across continents with ease, and a workforce that is more streamlined and efficient. But precautions must be taken in order to keep online activities safe and secure.

Penn’s Privacy Office, part of the Office of Audit, Compliance, and Privacy housed in Saint Leonard’s Court near 38th and Chestnut streets, offers guidance to the University community on privacy-related risks, as well as tips and resources on how to protect personal and confidential Penn information.

University Privacy Officer Maura Johnston advises the University community to beware of email phishing scams that ask for an individual’s password or personal information.

“One of the flags of a phishing attempt is  a sense of urgency,” Johnston says. “For example, phishing emails often use language such as ‘your account will be closed immediately if you do not respond now with your account number and password.’ If it’s a phishing attempt, the sender will take your information and use it for fraudulent purposes.”

Online access to University data makes it possible for faculty and staff to work anywhere with internet access. However Johnston says technological safety measures are necessary to protect confidential Penn data, including information about students under the federal Family Education Rights and Privacy Act (FERPA) and medical information under the Health Insurance Portability and Accountability Act (HIPAA).

“If we’re going to use a cloud provider to store or process data that’s FERPA-protected, we need to make sure that we have the right protections in place with that cloud service to ensure that data is protected in the same way that we would on campus at Penn,” says Johnston. 

She warns against storing protected or confidential information on a personal mobile device or on a USB flash drive unless appropriate protections such as encryption are in place. Because the devices are small, she says they could be easily lost or stolen.

Regarding social media websites such as Twitter and Facebook, Johnston offers the simple yet important and often-overlooked advice: “Think before you share.”

“It’s important to be thinking about the difference between your own information that you choose to share,” says Johnston, “and the Penn information that you may have access to and have an obligation to protect.”

Johnston says that since many people use smartphones to share information on social media, they may feel a sense of informality or immediacy that comes with using a portable device. She suggests taking a moment to consider whether the information is appropriate to share before clicking “Tweet” or “Post.”

Privacy story