Re: Employee Non-Disclosure Agreement

[Jeff Choo <jeff_choo () WILLIAMJAMES EDU>]

Hi Franzi,

No one has asked why, and people told me they signed the same thing in the previous jobs so they are not surprised.  My 
boss asked me once and I said it helps with our information security compliance audit to have signed NDA on employee 
file, especially with new rules in financial aid audit and college finance audit now also includes elements of 
information security - it helps in my opinon.

Regards

Jeff

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Franzi 
Willenbuecher
Sent: Thursday, October 11, 2018 1:09 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Employee Non-Disclosure Agreement

Thanks, Jeff! How did you justify the need for an NDA to those employees?

Franzi

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Jeff Choo
Sent: Thursday, October 11, 2018 12:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Employee Non-Disclosure Agreement

Hi Franzi

We only required any employee including work-study students to sign an NDA if they are handling PII, PCI-DSS, or HIPAA 
related data.  This is on top of the of the employee policies handbook, FERPA, and WISP.

Regards,

Jeff


"A problem well put is half solved." - John Dewey

Jeff Choo - Director, Information Technology | Information Security Officer
William James College
One Wells Avenue, Newton, MA 02459
Helpdesk: 617-327-6777 x1600
Direct: 617-564-9344
Email: jeff_choo () williamjames edu<mailto:jeff_choo () williamjames edu>



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Franzi Willenbuecher
Sent: Thursday, October 11, 2018 12:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Employee Non-Disclosure Agreement

Hello,

What is everyone's stance on requiring non-disclosure agreements (possibly in addition to an acceptable use agreement) 
for your employees? If you do require it, how do you justify the need for it?

Thanks,
Franzi



[Emporia State University]
Franzi Willenbuecher
Information Security Training Analyst
Information Technology
Emporia State University
620-341-6704
fwillenb () emporia edu<mailto:fwillenb () emporia edu>
hornet.emporia.edu<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fhornet.emporia.edu&c=E,1,Ak7FKMXoV-9hloAs4lr_WCH1kX0yZSD3wER7cyLascFKx0IZ1cVvwvU09FC0DMOXhDYAtQk0KkonnzU56a7bCAmi74fXdYpzDXrTKBaT9cFbCGpTl3uUi2Mb&typo=1>
[cid:image002.png@01D45735.E1BE3810]   October is National Cyber Security Awareness Month! Learn more at 
hornet.emporia.edu<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fhornet.emporia.edu&c=E,1,nxS_jIXw34FoXV97O6Dw1wNQa4o2PWRxFtRJV1tjXoPxlyCI9M4_VfqIWVdMyRy_iwgtRg8MKqK9iJNsVsn7dbtB-QUBhCAHuXoeG1NGFJBSh7eGddY42A,,&typo=1>
 "Information Security"

This message may contain confidential information intended only for the individual named. If you received this message 
by mistake, please let the sender know by e-mail reply and delete it from your system. If you are not the intended 
recipient you are hereby notified that disclosing, copying, distributing or taking any action in reliance on the 
contents of this information is strictly prohibited.
This message may contain confidential information intended only for the individual named. If you received this message 
by mistake, please let the sender know by e-mail reply and delete it from your system. If you are not the intended 
recipient you are hereby notified that disclosing, copying, distributing or taking any action in reliance on the 
contents of this information is strictly prohibited.