As part of General Data Protection Regulation (GDPR) data privacy regulations rolling out in the European Union, the PWP systems administrators are alerting each site owner about student data and file upload privacy. We have provided additional information to learn more about GDPR.
We strongly encourage you to check your PWP website content and file uploads and make sure that:
- Personally identifying data is not exposed in file uploads (PDFs, DOCs, XLSs) or web content. This includes CVs, resumes, and any file uploads not intended for public view. PWP is not an appropriate storage medium for sensitive files – for storing sensitive data, you should consider other services as outlined at the PWP FAQ . You should always assume that any file uploaded to PWP has no expectation of privacy or restrictive access, as this service is not intended for sensitive data storage.
- Site administration and ownership information is up-to-date. This is a good time to remove site access from old student assistants who helped with building or maintaining a site in the past, but are no longer working for you.
As we move forward, we will start accepting and processing requests for removal of uploaded files that contain the requestor’s personal sensitive data, so we urge you to keep all sensitive data files somewhere other than PWP to avoid losing them unexpectedly.
We recommend that you keep your own backups of all important content that you upload to PWP, just to be safe. We will forward any data privacy concerns regarding file uploads to Georgia Tech Cybersecurity and alert the site-owners to the issue(s).