All employees of the university are responsible for safeguarding the privacy and security of data stored on their individual computers and on any shared or removable media. They are also responsible for safeguarding all information to which they have been given access via applications, systems, reports, etc.
Every university employee has an obligation to abide by the standards of acceptable and ethical use included in the university's Data Computing Standards.
- Use only those information technology and computing resources for which you are authorized.
- Implement security in your daily interactions with people, data, systems, and facilities.
- Be conscious of the environment around you and notify the appropriate security/system administrators if you notice any security vulnerability.
- Use computing and information technology resources only for their intended purposes.
- Safeguard the integrity of university data by taking reasonable steps to protect it from theft, destruction, unauthorized access, or any form of compromise resulting from negligent acts or omissions.
- Create, access, use, and dispose of university data based on the data classification.
- Back up data, computer systems, and applications software to allow for recovery if needed.
- Use antivirus software on any computer system which accesses university data or computing systems/resources.
- Obtain authorization from the appropriate data custodian for the processing of university data or conducting university business on home computer systems.
- Perform remote/distributed access to administrative or research computer systems via a virtual private network (VPN).
- Notify the appropriate system, network, and/or security administrator(s) of any suspected or actual security violations/incidents.
- Be aware that the university disclaims any loss or damage to software or data that results from its efforts to enforce its data computing standards.
Violation of university data and computing standards and guidelines may result in:
There are three classifications for university data.
- whose loss, corruption, or unauthorized disclosure would be a violation of Federal or state laws/regulations or university contracts (i.e., protected data)
- whose loss, corruption, or unauthorized disclosure may impair the academic, research, or business functions of the university, or result in any business, financial, or legal loss
- which is personally identifiable
- which involves issues of personal privacy
Operational Use Only
- whose loss, corruption, or unauthorized disclosure would not necessarily result in any business, financial or legal loss, but which the university has determined is critical to its business and requires a higher degree of handling than unclassified data.
- which is available to data custodian approved users only
- which does not fall into any of the data classifications noted above
- which may generally be made available without specific data custodian approval
Related information is available on these government sites:
- FERPA: the Family Educational Rights and Privacy Act: http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html
- HIPAA: Health Information Privacy: http://www.hhs.gov/ocr/privacy/index.html