Re: Faculty handling of student data

["Payne, Shirley (scp8b)" <scp8b () VIRGINIA EDU>]

Here's the policy definition for "Individual-Use Electronic Devices":

Computer equipment, whether owned by the University or an individual, that has a storage device or persistent memory, 
such as desktop computers, laptops, tablet PCs, BlackBerrys and other personal digital assistants (PDAs), and smart 
phones. For purposes of this policy, the term does not include shared purpose devices, such as servers (including 
shared drives), printers, routers, switches, firewall hardware, clinical workstations, medical devices (e.g., EKG 
machines), etc.

The policy doesn't address browser caches. Not a 100% solution, I know, but compliance with what is included will 
greatly reduce risks we face here.

Shirley

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis 
Kletnieks
Sent: Monday, June 30, 2008 3:17 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Faculty handling of student data

On Mon, 30 Jun 2008 14:57:33 EDT, "Payne, Shirley (scp8b)" said:

> Briefly stated, the policy prohibits the storage of highly sensitive
> data on individual-use electronic devices

Out of curiosity, what does the policy say about browser caches on said electronic devices? And what do you define as 
"individual-use"?  In many cases, that would cover almost everything except central servers - which is OK, as long as 
that's understood.