Data Categorization – 2021

Scherzer International’s Data Encryption Policy requires encryption to protect any data containing sensitive/proprietary information.

Data at rest (the device is not powered-on)

  • Data at rest should be protected by one of the following:
    • Encryption and/or
    • Strict access controls that authenticate the identity of those individuals accessing the Microsoft Windows best practices suggestions.
  • Password protection instead of encryption is not an acceptable alternative to protecting sensitive/confidential information.
  • Systems that store or transmit personal information must have proper security protection, such as antivirus software, with unneeded services or ports turned off and needed applications properly configured.

Removable media

  • As a general practice, SI doesn’t use removable media since we back up to Microsoft’s network.
  • Removable Media including, but not limited to, USB thumb drives, removable hard drives, CD-ROMs, DVDs, and other media are NOT to be used in transporting information containing PII.
  • If a client requests sensitive/confidential information for their search subjects, the Removable Media receiver must be identified to ensure the person requesting the data is who they claim to be.

Cloud-based Services

  • SI doesn’t allow for Cloud-based services outside of the company-issued Microsoft OneDrive. Cloud services such as Google Drive, Box, Dropbox, or non-SI issued Microsoft OneDrive accounts are not to be accessed on the Scherzer network.

Personal Email Accounts

  • SI doesn’t allow for web-based email services such as Outlook/Hotmail, Gmail, Yahoo, or other non-SI issued email accounts to be accessed from within the Scherzer network.

Databases

  • All the fields in a database that contain sensitive/proprietary data must be encrypted with 256-bit encryption.
  • Under NO circumstances are databases to be transported via laptops or removable devices such as a removable hard drive, optical drive, or other media.

Transmission Security (Data leaving the SI network)

  • All emails and data with sensitive/proprietary data transmitted outside the Scherzer International network must be encrypted and truncated (e.g., social security numbers being identified by the last four digits).
  • Any sensitive/proprietary data transmitted through a public network (the Internet) to and from vendors, customers, or entities doing business with Scherzer International must be encrypted or sent through an encrypted tunnel or HTTPS with a minimum of 256-bit SSL encryption. Sensitive or proprietary data must be transmitted through a tunnel encrypted with the Scherzer VPN with point-to-point tunneling protocol (PPTP).
  • Transmitting sensitive/confidential information through personal web email programs or service accounts is not allowed.
  • Using chat programs or online peer-to-peer file-sharing programs is not allowed.
  • Wireless (Wi-Fi) transmissions must be encrypted using WPA2 Enterprise encryption.

Portable Devices

  • Sensitive/proprietary data must not be stored on portable devices, including but not limited to laptops, smartphones, digital audio players (iPods), removable hard drives, USB thumb drives, and the like.