Educause Security Discussion mailing list archives
Windows 10 Privacy Settings and "Regulated" data
From: randy <marchany () VT EDU>
Date: Fri, 7 Aug 2015 12:36:27 -0400
The Windows 10 privacy settings have generated a lot of discussion on various threads lately. I'm concerned about the implications of these settings with respect to some of the regulations that govern EDU "data" such as FERPA, HIPAA, ITAR, PCI, etc. Does Educause have any working groups on this topic? Any thoughts on this? While I don't expect one on Windows 10 specifically, have there been any discussions on regulated (FERPA, HIPAA, ITAR, etc.) to cloud providers?

BTW, a good resource for a privacy lockdown guide is at http://www.zdnet.com/article/how-to-secure-windows-10-the-paranoids-guide/. There's an interesting quote in this article:

--------------
"Steve Hoffenberg, VDC Research <http://www.vdcresearch.com/>'s Director of IoT & Embedded Technology worries, for instance, that these Windows 10's "features" violate Health Insurance Portability and Accountability Act (HIPAA) privacy requirements <https://www.linkedin.com/pulse/does-windows-10-violate-hipaa-steve-hoffenberg?trk=hp-feed-article-title-like>. If his fears are valid, this means medical offices and health insurance companies should turn off this Windows 10 setting.

I doubt he's right, but I'm no lawyer. Even so, were I working with transactions that fall under Sarbanes-Oxley (SOX) <http://www.soxlaw.com/>, Gramm-Leach-Bliley (GLB) <https://www.ftc.gov/tips-advice/business-center/privacy-and-security/gramm-leach-bliley-act>, or HIPAA <https://www.hipaa.com/>, I'd turn off this feature, and its related setting, "Windows 10 Input Personalization." Better safe than sorry."
---------------

This quote is why I'm asking the list about this topic. Thanks.

Randy Marchany
VA Tech IT Security Office & Lab