CISO Memo: Data Collection & Protection

David SherryHave you ever stopped to think about all the data you collect at home? Old tax records, report cards from your children, mortgage and loan paperwork, receipts, bank statements, warranties…..the list goes on and on. If you took the time to do an inventory of your “stuff”, you would probably be shocked.

Now, take a moment and close your eyes and think about what is being collected at Brown. I’m confident that you have come up with a lot of data!

That’s why there is an initiative kicking off at Brown to help identify and secure confidential data. A Data, Privacy and Records Management (“DPRM”) working group has been formed with colleagues from across the University to develop a process by which every department will identify the private data they are collecting. As part of the process, information that is not necessary will be removed, and what is necessary will get the proper security to protect it. You’ll hear more about this in the fall.

Until then, be thinking about what confidential or restricted information that you use in your day to day work. Do you know what it is? Do you know where it is? Do you know if you are protecting it properly? These are all important questions that the DPRM initiative will help you to answer.

As always, I welcome your comments and feedback. Please feel free to reach out to me directly at, or the entire team at Let me know how we are doing, areas of concern you may have, or questions on protecting your identity or personal computing security. And remember, sec_rity is not complete without U!