Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.
Substantive Change: HSD on Individual-Use Devices
Last modified
August 11, 2023 - 11:04am
Post date
December 18, 2020 - 10:33am
Effective: November 24, 2020
The standard and procedure for Highly Sensitive Data Protection for Individual-Use Electronic Devices or Media were extensively change. The procedure was removed because it has been superseded by the Policy, Standards, and Procedures Exceptions standard as the way to request storage of HSD on individual-use electronic devices and media. The existing Highly Sensitive Data Protection Standard for Individual-Use Electronic Devices or Media was changed to such degree that it is not possible to list all the changes here. Reviewing the revised standard carefully is highly recommended.
CHANGED
Changed the section from the Procedures titled Destruction of Official University Records to Secure Deletion of Files and added items about data removal here.
ADDED
The Purpose and Background was revised to specify the UVA agencies and users to which it applies as well as reference to the University of Virginia Data Protection of University Information (IRM-003) policy.
Four new sections (some items from old sections of the standard and procedure were incorporated into these).
- User’s Responsibilities
- Required Approval for Storage of HSD on any individual-use electronic device or media
- Required Reporting of the Loss of Highly Sensitive Data (HSD)
- Secure Deletion of Files
Unauthorized disclosure was included and defined.
Multiple new Related Links were added.
REMOVED
The section FINDING AND REMOVING HIGHLY SENSITIVE DATA (HSD) which included a requirement for quarterly scanning of individual-use devices for HSD and remediation if found. This section was removed because:
- the requirement is covered in the University Data Protection Standards
- it is not appropriate in this standard because if storage of HSD is approved, scanning for HSD is not required (or necessary).
- it is better covered in the “Protection of HSD” standard that is being revised from the current University Use of HSD standard).
The section in the Procedure: REQUIRED SAFEGUARDS FOR STORAGE OF HSD ON INDIVIDUAL-USE ELECTRONIC DEVICES OR MEDIA was revised and incorporated into a new section.
RELATED LINKS:
- Highly Sensitive Data on Individual Use Procedure
- Highly Sensitive Data Storage Request Form (approvalform.doc) [no longer needed, use the Exception Request process instead.