When Using Augusta University Data and Reporting Systems:

Do
Do use a password-protected computer when accessing data and reporting systems, when viewing institutional records, and when downloading reports.
Don'tDon't share or exchange individual passwords, for either personal computer(s) or system user accounts. 
DoDo log out of and close the browser after each use of Augusta University data and reporting systems.
DoDo only access data in which you have received explicit written permissions from the data owner.

When Handling Sensitive Data:

DoDo keep confidential and sensitive data only on password-protected and encrypted state-authorized computers.
DoDo keep any printed files containing PII in a locked location while unattended.
Don'tDon't share PII during public presentations, webinars, etc. 
DoDo share dummy records during public presentations, webinars, etc.

When Reporting & Data Sharing: 

DoDo publish only aggregate data in groups no smaller than 5 in reports and only for valid purposes.
DoDo take steps to avoid disclosure of PII in reports, such as aggregating, data suppression, rounding, recoding, etc.
Don'tDon't download, send, or publish screenshots, texts, or attachments that contain PII without prior approval. If you receive an email/link containing such information, you should delete the screenshot/text/attachments when forwarding or replying. 
Don'tDon't transmit PII externally unless explicitly authorized in writing by the Data Trustee and the Institutional Review Board when applicable (i.e., as part of a formal research study).
DoDo use Secure File Transfer Protocol (SFTP) when sharing PII with authorized individuals. Sharing within secured server folders (i.e., BOX) is appropriate for Augusta University internal file transfer.
DoDo immediately report any data breaches, suspected data breaches, or any other suspicious activity related to data access to my supervisor and the AU Chief Information Security Officer.