Re: Faculty handling of student data

["Payne, Shirley (scp8b)" <scp8b () VIRGINIA EDU>]

Brian,

The University of Virginia recently implemented a policy on electronic storage of highly sensitive data that may be of 
interest to you. The policy is posted at    https://etg07.itc.virginia.edu/policy/policydisplay?id=IRM-015.

Briefly stated, the policy prohibits the storage of highly sensitive data on individual-use electronic devices, unless 
such action has been approved by a vice president or dean. If approval is granted, the data must be encrypted and the 
device has to be protected by certain security safeguards. Storage on electronic media is also addressed.

Shirley

Shirley C. Payne
Director, IT Security and Policy
University of Virginia

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Basgen, 
Brian
Sent: Monday, June 30, 2008 2:36 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Faculty handling of student data


 I'm wondering how institutions address the issue of faculty handling student data, in the sense of faculty using 
personal laptops, or taking student data home with them during the semester, etc. Our general approach is to tie this 
into our institutional Acceptable Use policy, and draw a distinction between legitimate academic use and otherwise 
prohibited behavior.

 Having looked around a bit, I haven't been able to find the approach others have taken. I'm not sure if this is 
because institutions aren't specifically addressing this issue, or if I'm just not looking in the right places. Any and 
all input appreciated, thanks! :)

~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security
Pima Community College