Educause Security Discussion mailing list archives
Alumni accounts policies
From: Vince Bonura <vbonura () FORDHAM EDU>
Date: Thu, 22 Sep 2016 10:43:38 -0400
Good morning, Everyone!

Our IT Risk & Data Integrity team has been in conversations with our Alumni and Development department regarding, among other things, our concern that passwords to access our portal do not expire for any individual with an alumni role. If the individual was only an alumnus, the risk is exposing FERPA protected data. However, if that individual was an ex-employee, there is greater concern that sensitive work information could be exposed, possibly encompassing PII, etc.

So, I wanted to take this issue to my fellow colleagues, who also deal with risks and data security concerns for their respective institutions. Can you provide your current policies for:

1. *Portal access for alumni*: How long can they access the portal and what options can they select (e.g., student records, update address and request transcripts, among other access choices)?
2. *Portal account password expiration*: How long before their account passwords expire? Are expirations different based on their role(s)?
3. *Email access*: How long are their email rights extended for? Do you wipe out their student email and set them up with a clean email account? If their email account is wiped, can they be allowed to forward their email to another email address?

Any and all details you can provide would be greatly appreciated. Please respond to me directly. For those interested, you can also notify me directly and I will send you my summary of responses.

Thanks in advance!

Vince Bonura
IT Risk Analyst
*Fordham University*
*(718) 817-1875*