Educause Security Discussion mailing list archives

Re: Data "Sharing" Policy


From: "Mclaughlin, Kevin (mclaugkl)" <mclaugkl () UCMAIL UC EDU>
Date: Fri, 2 Sep 2011 14:10:49 -0400

Hi Everyone:

The UC Data Protection policy can be found here:

http://www.uc.edu/ucit/policies.html

The interesting thing in my case is that it took almost 14 months to get this through our governance process and then the faculty senate. As you can imagine, there were lots of re-writes on the way, but it eventually made it all the way through.

- Kevin


Kevin L. McLaughlin,  CISM, CISSP, GIAC-GSLC, CRISC, PMP, ITIL Master Certified
Assistant Vice President, Information Security & Special Projects
University of Cincinnati
513-556-9177

The University of Cincinnati is one of America's top public research institutions and the region's largest employer, 
with a student population of more than 41,000.


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of randy marchany
Sent: Friday, September 02, 2011 1:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Data "Sharing" Policy

We have a sensitive data policy & standard at:
http://www.policies.vt.edu/7105.pdf
http://www.it.vt.edu/publications/pdf/3_PIIStandardFinal13June-signed.pdf - this one deals with storing & transmitting PII
http://www.it.vt.edu/publications/pdf/2_SensitiveDataStandardRevision1-signed.pdf


Randy Marchany
VA Tech IT Security Office & Lab

On Fri, Sep 2, 2011 at 1:20 PM, Chuck Keeler <keeler_c () mitchell edu> wrote:
This is interesting to me as well ... I am working on one now ... not ready for prime time yet and I would be 
interested to see what others are doing ... we have expanded ours to include data ownership and responsibilities.

___________________________________
Charles Keeler
Mitchell College
Office of Information Technology
Chief Technology Officer
* (860) 701-5254
* keeler_c () mitchell edu

From: Kevin Casey <CaseyK () HUSSON EDU>
Reply-To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Fri, 2 Sep 2011 10:40:09 -0400
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Data "Sharing" Policy

Good morning.  Does anyone have a written policy they could share governing how sensitive data should "move" across 
your organization?  We have a situation where individuals/departments are (for example) collecting info from 
prospective students on their own via the Web.

We need a policy that not only addresses this use of home-grown forms, but also sending sensitive info via 
(unencrypted) email, etc., and even via non-digital means (e.g. applications with SS#s in a briefcase taken off 
campus).  We also need to define what "sensitive," "confidential," etc. means in the context of data....

We have an "acceptable use" policy that mentions this topic, but with inadequate specificity.


Thanks,

Kevin

__________________________________________
Kevin Casey
Executive Director
Information Resources
Phone:  (207) 941-7123
Fax:  (207) 941-7988
caseyk () husson edu




 Husson University

 www.husson.edu





