Policies Overview
As a basis for the Sensitive Data Protection Initiative (SDPI), necessary policies and
procedures were developed to get the entire campus involved. A representative group of
high-level administrators called the Data Stewards was convened to do the development
work along with the Information Security Office (ISO) and Information Technology Policy
and Planning Team.
- This policy establishes a standard definition of "High Risk Data" and the security
  precautions needed to protect that data. This provides the basis for complying
  with federal/state laws such as the Gramm-Leach-Bliley Act (GLBA), the Health
  Insurance Portability and Accountability Act (HIPAA), the
  Family Educational Rights & Privacy Act (FERPA),
  and Wisconsin Notification Act 138, and applies to all university data.
- This policy details the authority and responsibility of the Data Stewards group.
  This policy also details the responsibilities of other university personnel when
  dealing with High Risk data under the control of a Data Steward.
- This is an agreement between the employee and the institution that details specific
  responsibilities when handling university data. This gives employees an
  understanding of what is expected of them, and also provides feedback to the
  institution when an employee feels a business practice isn't allowing them to
  meet these responsibilities.
- This is a supporting procedure (and form) to the Roles and Responsibilities Policy.
  The request procedure is used to help the Data Stewards maintain an understanding
  of where and how High Risk data under their control is being used. Employees needing
  access to High Risk data are required to submit this form to the assigned Data Steward
  for approval.
These policies also drove a number of other projects designed to revise existing business
practices and reduce or eliminate High Risk data across the campus. You can read about
them here.