Information Technology Systems and Services.

infotech.NEWS

Technology news for UMD faculty, staff and students

Policy Review: Data Security

| No Comments

It is the responsibility of all faculty and staff to do their best to secure any private data to which they may have access.

For a definition of private data, consult Examples of Public, Private, and Confidential Information. This includes student information (grades), HR information, credit card information, and protected health information, among others.

Often times breaches are simply a result of human error. Please be aware of the following risks.

  • Posting private data on a web site or server share without properly ensuring authorization to access. Identity controls must ensure that a student, or employee has access only to his or her own data. For students this includes scores on assignments and exams. For employees, this includes but is not limited to sick leave documentation, performance evaluations, etc.
  • Inadequate access control (with routine review) to any research data that is intellectual property, which would be invalidated if unauthorized access were to occur.
  • Saving a file with private data to a web site, most often by storing in the myweb drive. Files stored on myweb are automatically made public under the assumption that web sites are intended for public information. Store all private data on myfiles, Active Directory, or NetFiles.
  • Sharing your password is against policy. Please review these password tips.

If you do become aware of a security breach, please report it immediately to the ITSS Help Desk (helpdesk@d.umn.edu, 8847), Linda Deneen (ldeneen@d.umn.edu, 7588), or directly to abuse@umn.edu. Please be aware of this policy, Reporting and Notifying Individuals of Security Breaches.

If you have any questions regarding current or future storage of private data, please don't hesitate to ask for recommendations.

Leave a comment