Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.
Effective: November 24, 2020
The standard and procedure for Highly Sensitive Data Protection for Individual-Use Electronic Devices or Media were extensively change. The procedure was removed because it has been superseded by the Policy, Standards, and Procedures Exceptions standard as the way to request storage of HSD on individual-use electronic devices and media. The existing Highly Sensitive Data Protection Standard for Individual-Use Electronic Devices or Media was changed to such degree that it is not possible to list all the changes here. Reviewing the revised standard carefully is highly recommended.
Changed the section from the Procedures titled Destruction of Official University Records to Secure Deletion of Files and added items about data removal here.
The Purpose and Background was revised to specify the UVA agencies and users to which it applies as well as reference to the University of Virginia Data Protection of University Information (IRM-003) policy.
Four new sections (some items from old sections of the standard and procedure were incorporated into these).
Unauthorized disclosure was included and defined.
Multiple new Related Links were added.
The section FINDING AND REMOVING HIGHLY SENSITIVE DATA (HSD) which included a requirement for quarterly scanning of individual-use devices for HSD and remediation if found. This section was removed because:
The section in the Procedure: REQUIRED SAFEGUARDS FOR STORAGE OF HSD ON INDIVIDUAL-USE ELECTRONIC DEVICES OR MEDIA was revised and incorporated into a new section.
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.