Data Security and Stewardship Committee
Cordelia Camp 101a
Wednesday, June 24, 2009
Present Pam Buchanan, Steve Christison, Lisa Gaetano, Larry Hammer, Debbie Justice,
Scott Koger, Mary Ann Lochner, Bil Stahl, Zeta Smith, Scott Swartzentruber, and
Mike Stewart
Absent Gary Jones
Recorder Jenny Owen
Approval of Minutes  Bil Stahl made a motion to approve the minutes from the Data Security and
Stewardship Committee (DSSC) meeting that was held on May 27, 2009. There
was no opposition, and the motion carried unanimously.
Draft Mobile  In preparation for his upcoming IT Policy Council meeting, Stahl asked for
Communication Device
guidance from the DSSC on the draft mobile communication device policy.
Policy
Primary concerns:
o Should we only allow certain mobile communication devices that have
password protection and remote deletion capabilities?
o Consider requiring that devices be encrypted to current best practice
standards/guidelines.
o Notify DSSC with 24 hours if device is lost or stolen.
o Draft something to the campus community about personal devices
being subject to e-discovery if devices are used for business purposes-regardless of whether or not faculty/staff members are accepting
stipends.
o Issue of employees using synchronization services like Google Sync
and MobileMe.
Action Items  Scott Koger agreed to find out what Chapel Hill and NC State’s procedure is for
dealing with mobile communication devices that are connected to litigation.
 Stahl offered to bring this subject up at the upcoming UNC CIO videoconference.
Career Services Web Site
 It was discovered that if former alumni who graduated prior to WCU’s Banner
implementation, attempted to log onto the University’s online job service web site,
they were being asked to log on with their social security number and birth date.
 To correct this, a special login message has been created that instructs alumni who
have user accounts with social security numbers to contact Career Services for help
creating new accounts without using their social security numbers.
Action Items  Stahl, Koger, and Larry Hammer will work together to compose a campus email,
from the CIO Office, that will ask departments to check with any vendors they
might have done business with that would have potentially retained historical data
with social security numbers. The email will also include a case study that can be
used as an example. Larry Hammer agreed to write the case study. The completion
date for this is Monday, June 29.
Student Community  The Department of Student Community Ethics has requested help on how to
Ethics
securely archive sensitive data that they must keep for a minimum of seven years.
Stahl said this group needs to determine a policy on how things like this should be
done.
Action Items  Stahl will follow up with the department about their request.
 As a short-term solution, Koger will ask Shandon Bates about encrypting the data.