Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: GDPR Question - Part 3

From: "Larry K. Emmons" <lkemmons () SVSU EDU>
Date: Fri, 9 Feb 2018 14:09:28 +0000
Starting to conceptualize and design an authorization/consent/waiver form.
Identifying the data controllers and data processor systems impacted.

Larry K. Emmons
Director of Technology and Support Services
Saginaw Valley State University

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Theresa 
Rowe
Sent: Friday, February 9, 2018 8:50 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] GDPR Question - Part 3

OK, we are all doing a great job discussing scope, as in who does this apply to.  Trying again, once you have campus 
agreement about who is in scope (the population), what are you doing technically?

Theresa Rowe
Chief Information Officer
Oakland University


On Thu, Feb 8, 2018 at 3:09 PM, Theresa Rowe <rowe () oakland edu<mailto:rowe () oakland edu>> wrote:
Around January 8, there was an interesting discussion about the scope of records covered by GPDR.  At one point, John 
Denune summarized it nicely as:
From the EDUCAUSE/Tambellini Group webinar, one of the scenarios presented involved a US faculty member visiting 
Finland on sabbatical. While in Finland, the scenario concluded that:

  *   All personal data the faculty member sends back to the home institution falls under GDPR
  *   This includes the personal data of her US PhD students that she may send back to the US
  *   This also may include all personal data she has with her when she returns to the US.

So let's say you've determined the scope with your GC.  As an IT professional, what are you doing to comply?
At this point, we are documenting our existing data privacy owners, our security officer, our policies on privacy, and 
reusing existing policy.  Are you finding an big action that requires attention?
Theresa Rowe
Chief Information Officer
Oakland University


On Mon, Jan 8, 2018 at 9:50 AM, Pardonek, Jim <jpardonek () luc edu<mailto:jpardonek () luc edu>> wrote:
Good Morning,

We have been having some discussions regarding what population’s records are subject to GDPR.  The discussion centers 
around whether or not the records of US citizens that study abroad fall under GDPR.  Some say it’s only those who are 
citizens of the EU.  Is there any guidance on this topic?

Thanks and have a great day.

Jim

James Pardonek, MS, CISSP, CEH
Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, 
IL<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmaps.google.com%2F%3Fq%3D1032%2BW.%2BSheridan%2BRoad%2B%257C%2BChicago%2C%2BIL%25C2%25A0%25C2%25A060660%2B%250D%2B*%2B%250D%2B(**%3A%2B(773*%26entry%3Dgmail%26source%3Dg&data=02%7C01%7Clkemmons%40SVSU.EDU%7Cbbd135239d2942840c2b08d56fc40917%7Cb647ad8ef20040518c2bf72a201521eb%7C0%7C0%7C636537810162272473&sdata=H9iwBEUd9G6Sz%2FRRxG22oEPUjgoEqI9tWtXivOFvmYs%3D&reserved=0>
  
60660<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmaps.google.com%2F%3Fq%3D1032%2BW.%2BSheridan%2BRoad%2B%257C%2BChicago%2C%2BIL%25C2%25A0%25C2%25A060660%2B%250D%2B*%2B%250D%2B(**%3A%2B(773*%26entry%3Dgmail%26source%3Dg&data=02%7C01%7Clkemmons%40SVSU.EDU%7Cbbd135239d2942840c2b08d56fc40917%7Cb647ad8ef20040518c2bf72a201521eb%7C0%7C0%7C636537810162272473&sdata=H9iwBEUd9G6Sz%2FRRxG22oEPUjgoEqI9tWtXivOFvmYs%3D&reserved=0>

•: 
(773<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmaps.google.com%2F%3Fq%3D1032%2BW.%2BSheridan%2BRoad%2B%257C%2BChicago%2C%2BIL%25C2%25A0%25C2%25A060660%2B%250D%2B*%2B%250D%2B(**%3A%2B(773*%26entry%3Dgmail%26source%3Dg&data=02%7C01%7Clkemmons%40SVSU.EDU%7Cbbd135239d2942840c2b08d56fc40917%7Cb647ad8ef20040518c2bf72a201521eb%7C0%7C0%7C636537810162272473&sdata=H9iwBEUd9G6Sz%2FRRxG22oEPUjgoEqI9tWtXivOFvmYs%3D&reserved=0>)
 508-6086

Loyola University Chicago will never ask your for your username or password.
For the lastest information security news at Loyola, please follow us online,
Twitter: @LUCUISO
Facebook: 
https://www.facebook.com/lucuiso/<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Flucuiso%2F&data=02%7C01%7Clkemmons%40SVSU.EDU%7Cbbd135239d2942840c2b08d56fc40917%7Cb647ad8ef20040518c2bf72a201521eb%7C0%7C0%7C636537810162272473&sdata=OLMV8USuvTzqefgF1Kr429RhRF9Cb1P3PvXgzfFq7J0%3D&reserved=0>
Our Blog 
http://blogs.luc.edu/uiso/<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fblogs.luc.edu%2Fuiso%2F&data=02%7C01%7Clkemmons%40SVSU.EDU%7Cbbd135239d2942840c2b08d56fc40917%7Cb647ad8ef20040518c2bf72a201521eb%7C0%7C1%7C636537810162272473&sdata=P9Gs642koXn%2FiYRWIR%2BWryEPVDgxm8QwJ18WPVsGmzI%3D&reserved=0>

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>] On Behalf Of Joanna Grama
Sent: Monday, October 2, 2017 9:16 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] October 24 GDPR Webinar from Tambellini Group and EDUCAUSE

Good morning,
Many of us continue to struggle with understanding the scope and finer points of the EU GDPR and its application to US 
higher education institutions. To that end, EDUCAUSE and the Tambellini Group have been working together to share more 
information on this topic and we are pleased to announce an upcoming webinar that you may be interested in.

The jointly sponsored webinar will be held on Tuesday, October 24, 2017, from 1-2pm ET.  You can register for the 
webinar and read more about the webinar content here:  
https://marketing.thetambellinigroup.com/acton/media/10722/gdpr-and-us-higher-education-institutions-webinar<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmarketing.thetambellinigroup.com%2Facton%2Fmedia%2F10722%2Fgdpr-and-us-higher-education-institutions-webinar&data=02%7C01%7Clkemmons%40SVSU.EDU%7Cbbd135239d2942840c2b08d56fc40917%7Cb647ad8ef20040518c2bf72a201521eb%7C0%7C1%7C636537810162272473&sdata=ooJ8n6xlPMTAcSFaHDvCVfZ2%2FwViqPH2rmDw4EqU8Y8%3D&reserved=0>

As GDPR questions have been coming up on our various EDUCAUSE lists, we have been sharing those questions with the 
Tambellini group so that they can be specifically addressed in the upcoming webinar.

Kind regards,
Joanna

(This message has been cross posted on the EDUCAUSE security, privacy, and IT GRC discussion listservs.)

Joanna Grama, JD, CISSP, CRISC, CIPT
Director of Cybersecurity and IT GRC Programs

EDUCAUSE
Uncommon Thinking for the Common Good
282 Century Place, Suite 5000, Louisville, CO 
80027<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmaps.google.com%2F%3Fq%3D282%2BCentury%2BPlace%2C%2BSuite%2B5000%2C%2BLouisville%2C%2BCO%2B80027%26entry%3Dgmail%26source%3Dg&data=02%7C01%7Clkemmons%40SVSU.EDU%7Cbbd135239d2942840c2b08d56fc40917%7Cb647ad8ef20040518c2bf72a201521eb%7C0%7C0%7C636537810162272473&sdata=INEn%2B1olwvsPbwrHZdzHtbEzG9vgngbTEf2QSN%2Bijlc%3D&reserved=0>
direct: 720.406.6769 | cell: 720.507.5983 | jgrama () educause edu<mailto:jgrama () educause edu>

Become a Member- Everyone at your organization is an EDUCAUSE member when you join | Access discounts, resources, and 
valuable peer networks | Discover 
membership<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fabout%2Fdiscover-membership&data=02%7C01%7Clkemmons%40SVSU.EDU%7Cbbd135239d2942840c2b08d56fc40917%7Cb647ad8ef20040518c2bf72a201521eb%7C0%7C1%7C636537810162272473&sdata=QmmY6MbI08KhdZ8mtgCpBZ6a8ZcF6IcG4yZ4%2Ba3EtEk%3D&reserved=0>
Previous By Date Next
Previous By Thread Next

Current thread: