STATE OF ARIZONA
GOVERNMENT INFORMATION TECHNOLOGY AGENCY
100 N. 15th Avenue, Suite 440
Phoenix AZ 85007
GITA Recommended Steps
to Protect Sensitive Citizen Information
June 14, 2006
Staff Training and Public Awareness
1. Conduct regular background checks and staff training, which includes Appropriate Use Statements and Non-Disclosure Agreements for new employees, temporary employees, and contractors that restrict access to sensitive information.
2. Educate the consumer/citizen about the exact information required to conduct business with the agency and how that data will be used.
Planning, Monitoring and Reporting
3. Develop a crisis management plan to be used if sensitive employee and/or customer data is lost, stolen, or acquired electronically.
4. Implement audit compliance procedures for all IT security standards, information-handling practices and privacy policies.
5. Immediately report incidents to agency CIO for forwarding to Statewide Incident Protection Center (SIPC).
Technology & Infrastructure
6. Use encryption technologies to protect all personal/confidential information contained in electronic format (in-transit or storage).
7. Ensure safeguards are in place for mobile devices that contain sensitive personal data, such as laptops, Blackberries, PDAs, thumbdrives, and mobile phones.
8. Support document destruction capabilities (i.e., shredders, hard drive sanitization and locked dumpsters) for office infrastructure.
9. Review and follow Statewide Privacy Policy & Security Standards
http://www.azgita.gov/policies_standards/default.htm#Security