Data Security and Stewardship Committee
Cordelia Camp 101a
Tuesday, July 28, 2009
Present: Pam Buchanan, Steve Christison, Craig Fowler, Lisa Gaetano, Gary Jones, Debbie Justice, Scott Koger, Mary Ann Lochner, Bil Stahl, Scott Swartzentruber, and Mike Stewart
Absent: Larry Hammer and Zeta Smith
Recorder: Jenny Owen

Approval of Minutes
• Bil Stahl made a motion to approve the minutes from the Data Security and Stewardship Committee (DSSC) meeting that was held on June 24, 2009. There was no opposition, and the motion carried unanimously.

Information Items
• Bil Stahl opened the meeting by introducing the new CIO, Craig Fowler.
• Stahl said that steps had been taken to prevent any future accidental deletion of archived email on hard drives in the event the hard drives require reformatting. Stahl was referring to a recent incident where an individual’s archived email was inadvertently deleted from the hard drive of their computer when it had to be reformatted. Stahl explained that even though IT’s standard policy is to not take responsibility for backing up data, our consultants will be mindful of inquiring whether or not archived email is kept on local hard drives before performing reformats.
• DSSC members talked about the lack of available storage on the university servers for backing up email, which results in most university staff members saving their archived email onto their hard drives.

Report on Encryption of Mobile Communication Devices at Other Universities
• Scott Koger reported on what he found out from other UNC system universities regarding policies for encryption of mobile devices:
  o No policies past draft form seem to exist.
  o ECU and another institution have shared drafts. ECU has a reference on their website about a mobile communication device HIPAA compliance policy, but Koger wasn’t able to locate it.
  o The only ratified policy within the UNC system that Koger could find on mobile communication devices was from Chapel Hill--it was a HIPAA subpolicy from 2002. Koger said he sent Stahl a link to this policy.
• Stahl reminded DSSC members that Executive Council hasn’t yet approved the draft Mobile Communication Device Policy. Stahl said at the last Information Technology Policy Council (ITPC) meeting, he asked ITPC members to consider approving the addition of several other security requirements to the policy, such as requiring encryption, passwords, and remote deletion capabilities.
• Koger said that the resources he found on Educause’s website that are relevant to these policies point to whatever current encryption is acceptable to the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST).
• Stahl reminded the group that personal mobile communication devices that are used for university business could be subject to e-discovery.

Action Item
• Stahl said he will have to pass the following action item from the 6-24-09 DSSC meeting to Fowler:
  o Stahl, Koger, and Larry Hammer will work together to compose a campus email, from the CIO Office, that will ask departments to check with any vendors they might have done business with that would have potentially retained historical data with Social Security numbers. The email will also include a case study that will provide an example. Larry Hammer agreed to write the case study.

Governor’s Directive on Archiving Email
• MaryAnn Lochner reported on the Governor’s directive/executive order to archive email of high-level executives for 10 years.
• Lochner said UNC-GA is researching whether or not this executive order applies to the university system. The University of North Carolina General Records Retention and Disposition Schedule is what the UNC system uses as their official guideline for archiving public records.

Action Item
• Lochner reminded the group that Electronic Mail Policy (Policy 93) needed to be revised “sooner rather than later.” She said she will have to work with IT on this. After the policy has been revised, Lochner added that a substantial education effort about the policy will have to be arranged for the campus community. Lochner said her vision is to have a compliance web page with direct links to training.

Windows Live Contract
• Lochner reported that our Windows Live contract had expired and that GA was in the process of negotiating “a uniform contract.” GA is also negotiating with Google about their email system. Lochner commented that it would be good to have some provision in the contracts about retention, maintenance, mining, and retrieval of emails that are classified as FERPA.

Action Item
• Lochner will email Fowler links to three documents: The University of North Carolina General Records Retention and Disposition Schedule; E-mail as a Public Record in North Carolina: A Policy for Its Retention and Disposition; and the NC Identity Theft Protection Act.