Educause Security Discussion mailing list archives
Re: Windows 10 Privacy Settings and "Regulated" data
From: Kevin Reedy <KReedy () EXCELSIOR EDU>
Date: Fri, 7 Aug 2015 13:21:54 -0400
An additional resource I just came across is Lifehacker's guide to exactly what each of the settings does: http://lifehacker.com/what-windows-10s-privacy-nightmare-settings-actually-1722267229

I think we most likely have a case of slight overreaction to the new and unknown, mixed with a healthy dose of sensational headlines to generate clicks. I will admit on my Windows 10 machines most of these settings are set to off, but mostly because I don't see the benefit of them. I'm guessing it will be an easy process for domain admins to manage as well.

I do like the ZDNet article mentioning that data collection is nothing new in general - Google and Apple have been doing it for years:

Still not private enough for you? Then don't use Windows 10, Chrome OS, iOS, Android, or any other system that's tied closely into the cloud. Instead, use Linux as your desktop operating system. By default, Linux is the only mainstream operating system that still relies primarily on true desktop apps.

Kevin Reedy
Executive Director, Information Security
Excelsior College
(518) 464-8720

From: randy <marchany () VT EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Date: 08/07/2015 12:37 PM
Subject: [SECURITY] Windows 10 Privacy Settings and "Regulated" data
Sent by: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>

The Windows 10 privacy settings have generated a lot of discussion on various threads lately. I'm concerned about the implications of these settings with respect to some of the regulations that govern EDU "data" such as FERPA, HIPAA, ITAR, PCI, etc. Does Educause have any working groups on this topic? Any thoughts on this? While I don't expect one on Windows 10 specifically, have there been any discussions on regulated (FERPA, HIPAA, ITAR, etc.) to cloud providers?

BTW, a good resource for a privacy lockdown guide is at http://www.zdnet.com/article/how-to-secure-windows-10-the-paranoids-guide/.

There's an interesting quote in this article:

--------------
"Steve Hoffenberg, VDC Research's Director of IoT & Embedded Technology worries, for instance, that these Windows 10's "features" violate Health Insurance Portability and Accountability Act (HIPAA) privacy requirements. If his fears are valid, this means medical offices and health insurance companies should turn off this Windows 10 setting. I doubt he's right, but I'm no lawyer. Even so, were I working with transactions that fall under Sarbanes-Oxley (SOX), Gramm-Leach-Bliley (GLB), or HIPAA, I'd turn off this feature, and its related setting, "Windows 10 Input Personalization." Better safe than sorry."
---------------

This quote is why I'm asking the list about this topic. Thanks.

Randy Marchany
VA Tech IT Security Office & Lab