Re: Faculty handling of student data

["Di Fabio, Andrea" <adifabio () NSU EDU>]

Brian,

State Institutions in Virginia fall under the Virginia IT Agency (VITA)
which has specific policies on the subject.  More specifically you may want
to look at the policies and standards under
http://www.vita.virginia.gov/library/default.aspx?id=537#securityPSGs as a
reference and starting point.

IT Information Security Standard (SEC501-01)
<http://www.vita.virginia.gov/uploadedFiles/Library/PSGs/ITRMSEC501-01ITSecS
td.pdf>  Section 6 on page 21 covers data protection and may be what you are
looking for.
Also, IT Standard Use of Non-Commonwealth Computing Devices to Telework
<http://www.vita.virginia.gov/uploadedFiles/Library/SEC511-00UseofNonCOVAsse
tstoTelework.pdf>  (SEC511-00) covers information on use of PC and laptops.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Basgen, Brian
Sent: Monday, June 30, 2008 2:36 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Faculty handling of student data


 I'm wondering how institutions address the issue of faculty handling
student data, in the sense of faculty using personal laptops, or taking
student data home with them during the semester, etc. Our general
approach is to tie this into our institutional Acceptable Use policy,
and draw a distinction between legitimate academic use and otherwise
prohibited behavior.

 Having looked around a bit, I haven't been able to find the approach
others have taken. I'm not sure if this is because institutions aren't
specifically addressing this issue, or if I'm just not looking in the
right places. Any and all input appreciated, thanks! :)

~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security
Pima Community College

Attachment: smime.p7s
Description: