Re: Faculty handling of student data

["Basgen, Brian" <bbasgen () PIMA EDU>]

 I'm trying to draw out whether or not institutions make any kind of
exceptions/distinctions for faculty use. 

 For example, we have a large number of adjunct faculty, who do not have
dedicated offices/computers. Therefore, it isn't uncommon for them to
use their own laptop. Similarly, faculty may have local grade
tabulations, or perhaps take a stack of exams home to grade. Thus, we
are looking to build our policy around the way that faculty works, yet
manage it with reason. A lot of what I see is a sensible approach for
staff, but doesn't seem to address the unique needs of faculty.  


> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mark Houpt
> Sent: Monday, June 30, 2008 12:01 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Faculty handling of student data
>
> We tie this in with our Corporate Computing and Information Security
> Policy.
> In that we have "data classification" levels and proper handling of
> that
> data is dictated by the classification level, not the system it is on
> or
> situation it is in. For example, if we have a confidential piece of
> information that level has a dictated set of handling characteristics
/
> instructions that include data must remain encrypted at all times, No
> dissemination to non-LCCS personnel without a signed Non Disclosure
> Agreement (NDA) etc.
>
> Mark A. Houpt
> Director of Campus Technology
> Lincoln Christian College and Seminary
> 100 Campus View Dr
> Lincoln IL. 62656
> (217) 732-3168
> http://www.lccs.edu
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Basgen, Brian
> Sent: Monday, June 30, 2008 1:36 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Faculty handling of student data
>
>
>  I'm wondering how institutions address the issue of faculty handling
> student data, in the sense of faculty using personal laptops, or
taking
> student data home with them during the semester, etc. Our general
> approach is to tie this into our institutional Acceptable Use policy,
> and draw a distinction between legitimate academic use and otherwise
> prohibited behavior.
>
>  Having looked around a bit, I haven't been able to find the approach
> others have taken. I'm not sure if this is because institutions aren't
> specifically addressing this issue, or if I'm just not looking in the
> right places. Any and all input appreciated, thanks! :)
>
> ~~~~~~~~~~~~~~~~~~
> Brian Basgen
> Information Security
> Pima Community College
>
> ______________________________________________________________________
> This email has been scanned by the LCCS Email Security System.
> ______________________________________________________________________