The University of Arizona
Home » Projects & Initiatives » Personal Info Sweep

Step 3 - Secure Personal Information

If you can’t delete the file, secure the personal information.

You must have a business need to store personal information. If you can access the personal information from the official secured source when you need it instead of keeping it yourself, dispose of it.

Select from the following options:

  • Option 1: Transfer files with personal information to physical media and physically secure them
  • Option 2: Separate the number from the associated name
  • Option 3: Truncate the number to the last four digits
  • Option 4: Encrypt personal information

NOTE: As of Fall 2008, SID numbers that are the same as SSNs are no longer in use. If you must store lists or reports with SID numbers from earlier semesters during the record retention period, be sure to secure them with one of these options.


Option 1:  Transfer files with personal information to physical media and physically secure them

Write files containing personal information to a CD, DVD or flash drive and secure it behind a locked door or in a locked file cabinet. 

Delete files from your computer, then empty the computer trash folder or recycle bin. See the File Deletion Guideline for information on secure file deletion.

Additional rules apply to information relating to payment cards that your unit accepts as payment for goods or services.


Option 2: Separate the number from the associated name

Delete the personal information (the first name or initial, or the number) from the file. In a spreadsheet, highlight the column with the numbers you want to remove and delete it.


Option 3: Truncate the number to the last four digits

Delete all but the last four digits of the number.


Option 4: Encrypt personal information

If you cannot find any other alternative to storing personal information and you have a business need for it, encrypt it. Encryption is an effective way to protect files, especially from being opened and viewed on a hacked or stolen computer. A UA-approved encryption product is not available at this time. You should coordinate encryption measures with your IT staff.

Encryption carries several risks. Encrypted information may not be recoverable if your computer’s hard drive fails. Consistent back up practices are highly recommended.

To read an encrypted file, you must have access to a secret key—or password—that enables you to decrypt it. Some encryption methods carry the risk of permanent loss of information if the key is lost. USE WITH GREAT CARE. Encryption keys must be delivered to your supervisor or a person designated to retain them.

Step 4 – Delete Temporary Files