Data Protection
Users must comply with all University policies and standards for the data to which they have been granted the ability to view, copy, generate, transmit, store, download, or otherwise acquire, access, remove, or destroy. Users must also meet any additional compliance requirements for data protection stipulated by various governmental, legal, or contractual entities.
Policy
Electronically Stored Information Release
Highly Sensitive Data Protection Standard for Individual-Use Electronic Devices or Media
Protection of Highly Sensitive Data Standard
University Data Protection Standards (UDPS 3.0)
University Use of Highly Sensitive Data --> Replaced by Protection of Highly Sensitive Data Standard and Protection of Highly Sensitive Data Procedures
Electronic Data Removal Procedures
Electronically Stored Information Release Procedures
Highly Sensitive Data Protection Procedures for Individual-Use Electronic Devices or Media >> Replaced by Highly Sensitive Data Protection Standard for Individual-Use Electronic Devices or Media
Protection of Highly Sensitive Data Procedures
Remediation of Highly Sensitive Data in Email (O365)
External Assessment Review Procedures > Replaced by Vendor Security Review Standard
Procedures on the Use of Data Loss Prevention (DLP) Tools No longer licensed.
Information Security
Owners and overseers of the University’s information technology (IT) resources must take reasonable care to eliminate security vulnerabilities from those resources.
Policy
Information Security of University Technology Resources (IRM-004)
Elevated Workstation Privileges --> Replaced by Administrative Privileges on University Endpoints Procedure
Information Security Risk Management
Reporting an Information Security Incident
Revoking Information Technology Resource Privileges
Security of Network-Connected Devices--> Renamed Security of Connected Devices
Privacy & Confidentiality
The University is committed to the privacy of individuals and to safeguarding information about individuals subject to limitations imposed by local, state, and federal law and other provisions described in the policies, standards, and procedures listed below. The University, as steward of public resources and electronic information, shall respond to requests for electronic information in an orderly manner consistent with state and federal law and the policies, standards, and procedures listed below.
Policy
Privacy and Confidentiality of University Information (IRM-012
Exceptions
We understand the need for flexibility in becoming compliant with the updated policies, so a new process has been developed to request exceptions to a policy, standard, or procedure. There must be a legitimate business reason and proof that any potential risks will be mitigated before placing an exception request.