Section 3: Protecting Information
TxDOT must take every precaution to protect access and use of Confidential Information, Sensitive Data, Sensitive Personal Information, and Personal Identifying Information.
Recommended practices include:
- Anchor: #BBVWYPYT
- Minimize the use and collection of information to only what is necessary to accomplish the agency’s business. Anchor: #SLQOTPFK
- Staff with authorized access to information must maintain confidentiality and not disclose the information to any non-authorized personnel. Anchor: #QAPJOQSY
- Information should be kept in secure storage in a manner where access can be monitored and limited to authorized staff. This includes use of lockable cabinets for hardcopy files and loose documents, and information systems that meet appropriate network security and access control standards. Anchor: #JAUXOLWS
- Never leave collection of information unattended or unsecured. Make sure workstation is locked when away from desk. Anchor: #IGSBKWYE
- Do not create unnecessary or convenience copies or printouts of information. Anchor: #KCHQUOYO
- Do not take information home or to any non-TxDOT worksite, in either paper or electronic format, unless appropriately approved and secured. Anchor: #CFKYWVWW
- Never leave paper files or electronic devices in plain sight in an unattended vehicle to limit the exposure to theft. Anchor: #COFUTASE
- Information must be transported and stored in a secure manner to safeguard it against improper disclosure or loss. Anchor: #GMWODMMR
- Records should be properly labeled with “confidential information” when applicable. Anchor: #IPIXJJEL
- Information must never be exposed in recycling bins or trash bins for disposal. Materials must only be disposed by confidential shredding. See Chapter 11, “Archiving and Destroying Records” - Destruction of Confidential Records for more detail information.