Re: Data "Sharing" Policy

[Hugh Burley <Hburley () TRU CA>]

TRU has tried to address this with an Information Classification Standard  ( 
http://www.tru.ca/its/infosecurity/Standards/Information_Classification_Standards.html ) for which we are indebted to 
the University of Calgary ( 
http://wcmprod2.ucalgary.ca/policies/files/policies/Information%20Security%20Classification%20Standard.pdf ).  This 
standard has proven relatively easy to convey to end users.
 
Regards,
 
 
Hugh Burley
Thompson Rivers University
ITS - Senior Technology Coordinator
Information Security Officer
CISSP, CIPP/C
BCCOL - 222D
250-852-6351

> > > Kevin Casey <CaseyK () HUSSON EDU> 9/02/11 7:40 am >>>

Good morning.  Does anyone have a written policy they could share governing how sensitive data should "move" across 
your organization?  We have a situation where individuals/departments are (for example) collecting info from 
prospective students on their own via the Web.  
 
We need a policy that not only addresses this use of home-grown forms, but also sending sensitive info via 
(unencrypted) email, etc., and even via non-digital means (e.g. applications with SS#s in a briefcase taken off 
campus).  We also need to define what "sensitive," "confidential," etc. means in the context of data....
 
We have an "acceptable use" policy that mentions this topic, but with inadequate specificity.
 
 
Thanks,
 
Kevin
 

__________________________________________
Kevin Casey 
Executive Director
Information Resources

Phone:  (207) 941-7123

Fax:  (207) 941-7988

caseyk () husson edu

 

 Husson University

 www.husson.edu ( http://www.husson.edu/ )