Alumni accounts policies

[Vince Bonura <vbonura () FORDHAM EDU>]

Good morning, Everyone!



Our IT Risk & Data Integrity team has been in conversations with our Alumni
and Development department regarding, among other things, our concern that
passwords to access our portal do not expire for any individual with an
alumni role.



If the individual was only an alumnus, the risk is exposing FERPA protected
data.  However, if that individual was an ex-employee, there is greater
concern that sensitive work information could be exposed, possibly
encompassing PII, etc.



So, I wanted to take this issue to my fellow colleagues, who also deal with
risks and data security concerns for their respective institutions.  Can
you provide your current policies for:



1  *Portal access for alumni*: How long can they access the portal and what
options can they select (e.g. - student records, update address and request
transcripts, among other access choices)?

2  *Portal account password expiration*: How long before their account
passwords expire? Are expirations different based on their role(s)?

3  *Email access*: How long are their email rights extended for?  Do you
wipe out their student email and set them up with a clean email account? If
their email account is wiped, can they be allowed to forward their email to
another email address?

Any and all details you can provide would be greatly appreciated.



Please respond to me directly.  For those interested, you can also notify
me directly and I will send you my summary of responses.



Thanks in advance!



Vince Bonura
IT Risk Analyst

*Fordham University*
*(718) 817-1875*