Re: policy question?

["Rosenthal, Jane E." <jer () KU EDU>]

The rubber meets the road on this topic and it's a difficult one.  For
those of you with a policy on Data or Data Classification, you may
already have the requirements of handling the information in one manner
or another (no matter what device or equipment is the mechanism for
dealing with the information).  The transmission and/or storage required
for information on a home PC or mobile smartphone may be the key-in
these tough economic times.  You can certain do a blanket policy for any
HIPAA units and possibly some others.

 

Training and awareness are keys to this issue as well. 

_____________________ 

Jane E. Rosenthal
Director | Privacy Office
The University of Kansas

Voice +1.785.864.9528 | Fax +1.785.864.4463 
Email jer () ku edu | Web http://www.privacy.ku.edu
<http://www.privacy.ku.edu/> 

________________________________

The information transmitted by this email communication, including any
additional pages or attachments, is only for the intended recipient and
may contain confidential and/or privileged material. Any interception,
review, retransmission, disclosure, dissemination, or other use and/or
taking of any action upon this information by persons or entities other
than the intended recipient is prohibited by law and may subject them to
criminal or civil liability. If you received this communication in
error, please contact us immediately at (785) 864-4904, and delete the
communication from any computer or network system or dispose of the
documents as directed. Thank you.

________________________________

 

From: Brad Judy [mailto:win-hied () BRADJUDY COM] 
Sent: Thursday, October 28, 2010 2:51 PM
Subject: Re: policy question?

 

Be careful with such a policy.  Between research funding and personal
funding, a lot of faculty equipment might not technically belong to the
university.  Just ask a typical research lab what items would move with
them if the PI decided to move to another university.  

 

Certain types of schools might be able to provide for all faculty needs
with institutionally-owned computers and equipment, but many would have
major problems without "personally owned" items in use.  Not to mention
the vast amount of university business that is done on personally owned
cell phones and smart phones.  

 

Plus, there's the issue of third-party owned equipment on the university
network, but that issue has an option of contractual security
requirements.  

 

Brad Judy

 

Emory University

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand S Malwade
Sent: Thursday, October 28, 2010 3:30 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] policy question?

 

I was wondering if other institutions have a general Policy that

 

a)       explicitly prohibits Employees and administrators from using
personal laptops or computing equipment for conducting university
business ? The Assumption is that they are provided university owned
equipment with standard images with up to-date security updates and
protection. 

b)      Prohibits Student Workers/GA's from handling confidential
information when working with certain departments.

 

 

Thanks,

Anand

 

 

 

Anand Malwade

IT Security

Seton Hall University