Educause Security Discussion mailing list archives

Encrypting PII on File Servers


From: Christian Beck <beckc () UWOSH EDU>
Date: Wed, 16 Mar 2011 09:46:21 -0500

My university has formed a working group to consider protection for administrative data containing PII on shared drives such as file servers. Administrative office personnel routinely manipulate data containing SSNs and other sensitive information in spreadsheets, reports, and other documents. Many times these documents must be shared. I would like to ask this group for your policies and security practices for storing working copies of sensitive data.

Do you have policies or procedures specifying appropriate use of file server PII storage for administrative users? Do you allow administrative users to use file servers to store working copies or shared documents that contain PII? What specific encryption products do you use when connecting Windows or Apple clients to file servers?
Do you use encryption on file servers?
    What type of encryption:  full disk or file/folder?
Do users or user groups share the same encryption key for decrypting and encrypting?
    What recovery method is used if a user key is compromised or lost?
How do you share encrypted files with external entities?
Do you firewall file servers containing sensitive information?
How do you deal with users copying PII data to external storage?
Do you use identity finder software to locate sensitive data on file servers?

Thank you for your input. I will share the findings of our committee with this group.

Christian Beck

