Best Practices in Working with Data

Mentioned below are few steps that helps keep Nebraska Department of Education system data secure and confidential, minimizes threats and risks, and provide data access to the right personnel and staff.

When using and storing data, the following tips will help keep you keep that data secure.

• Never to send data through emails.
• Never to store NDE’s data on personal machine.
• Work with data teams for naming conventions to ensure your file is the latest and most accurate.
• Avoid saving data on a machine or a USB or any other electronic device—always save on a server. This keeps it safe and makes it less likely that you will lose it in case your computer crashes, is stolen, or falls victim to other unfortunate events.
• Ensuring use of two-factor authentication – Identification of authorized users is traditionally done with passwords, key cards, or biometrics (like fingerprints). Two-factor authentication requires the use of two of these methods to gain access.

Nebraska Department of Education connects and shares lot of critical information with vendors and contractors. Therefore, having proper security checks is critical before choosing the vendor is a good idea.

• Prior to purchase, check with Procurement to see if we have an enterprise license or if we have a comparable product that is already purchased. This will help us be fiscally responsible and reduce duplication of services.
• Prior to purchase, please obtain the data retention policy and privacy policies from the vendor. Each vendor will need to produce a document that outlines what they will do with our data which is routed for approval to the NDEDO or through the Data Policy Committee.
• An essential question to ask before selecting a vendor: what happens to our data if we sever ties? You don’t want your data to be held hostage should you move to a different provider. Find out the answer in advance, not in a contract dispute.
• A best-case vendor scenario will allow you to export all your data (including user account information, logs, customizations and so on) in a standardized format through an automated export function.
• To ensure data sent out to other contractors is pre-approved and falls under the NDE data security guidelines. Please ensure that vendor contracts go through the proper contract review.

Sending and sharing data immediately without ensuring security can quickly put you at risk. Below is mentioned some of the best practices that can help minimize security issues:

• Avoid emailing data.
• Never save data on an unencrypted machine or an unencrypted USB—always save on a server.
• Any publicly shared information should not identify individual students, critical to abide with PII.
• Date your files and always share the most recent and up-to-date version.
• Limit your recipients. Data leaks and security breaches often start internally. Limiting file access to a ‘need to know’ basis mitigates risk and ensures that confidential documents are only viewed by a select group.
• Think before you send. Before sharing data, consider your rationale. Do you need help with problem-solving? Will another set of eyes make the end result better? If you can’t come up with a concrete reason why someone else needs to see the data, it’s better left unshared.
• The data is not your own- it is NDE’s asset. If you need to submit any data outside the organization, please submit a request to the appropriate team to send it out securely.