Data Security and Stewardship Committee
Cordelia Camp 101a
Thursday, November 18, 2010
Present Shea Browning, Pam Buchanan, Steve Christison, Craig Fowler,
Lisa Gaetano, Larry Hammer, Scott Koger, Mike Stewart, and
Scott Swartzentruber.
Absent Debbie Justice, Zeta Smith, Kay Turpin
Recorder Jenny Owen
Approval of Minutes

The minutes from the October 22, 2010, Data Security and
Stewardship Committee (DSSC) meeting were approved.
Cloud Computing

Collection of data for Cleary Disclosure Reporting will discontinue using the Google cloud to gather and store data.
Action Item – Cloud
Computing
Action Items - Destruction of
Removable Media
Action Items - Data
Gathering
Instead, the data will be gathered by using paper forms and email until other solutions have been investigated.

Fowler asked Anna McFadden to add secure data collection to the agenda of the Infrastructure Technology Advisory Committee meeting on December 9.

Fowler asked Koger to work with William Frady and
Shandon Bates to provide a recommendation of a vendor who will provide the service of collecting removable media and destroying it.

Steve Christison will send Koger the names of two firms in
Knoxville who do this.

After a lengthy discussion about the data gathering document, the following was agreed upon: o Lisa Gaetano will change the title to “Procedure for
Collecting & Securing Electronic Data in Potential
Misuse Situations.” o Shea Browning will also make a few minor revisions. o Gaetano will send the revised document to DSSC members to review prior to the next meeting on
December 8.
Action Items - CIRTS Policy

The Computer Incident Response Team (CIRTS) Policy was
Request from the College of
Education & Allied
Professions (CEAP) approved. This policy will be recorded as DSSC Policy
Number 1. It will be placed on the H: drive in the “Campus
Internal Policies” folder.

Fowler asked Browning to find out if the policy should follow the same format as our University policies.

McFadden brought forward a request from the College of
Education and Allied Professions (CEAP) to purchase server space to collect and manage student data that will be used for administrative purposes such as reporting and licensing.
Page 1 of 2

Action Items - CEAP
McFadden provided a handout that listed the types of data that will be stored on the proposed server. Currently, this data is being collected by hand.

The proposed server will be located in the Data Center in Forsyth.

McFadden said CEAP would like to purchase the server by no later than January 1, 2011. She added that CEAP had factored in future maintenance costs for this server.

Koger and Gaetano will also look into what the data handling procedures are at our sister institutions.

McFadden will write a memo of understanding to CEAP that states the DSSC is okay with the purchase of the requested server; however, the purchase of the server should not imply that DSSC has approved the project itself. The DSSC cannot guarantee the committee approval process or timing.
Personal Data Retrieval

Hammer read a brief two-paragraph document entitled Personal
Data Retrieval . He asked DSSC members for their endorsement of this conceptual document.
Action Item – Personal Data
Retrieval

After a lengthy discussion it was determined that this should be added to projects discussions through the committee process.
Misc. Action Item

Gaetano asked that the DSSC re-review Policy 95 after new updates are made in the next week or so.
Page 2 of 2