Data Security and Stewardship Committee Cordelia Camp 101a Wednesday, June 24, 2009 Present Pam Buchanan, Steve Christison, Lisa Gaetano, Larry Hammer, Debbie Justice, Scott Koger, Mary Ann Lochner, Bil Stahl, Zeta Smith, Scott Swartzentruber, and Mike Stewart Absent Gary Jones Recorder Jenny Owen Approval of Minutes Bil Stahl made a motion to approve the minutes from the Data Security and Stewardship Committee (DSSC) meeting that was held on May 27, 2009. There was no opposition, and the motion carried unanimously. Draft Mobile In preparation for his upcoming IT Policy Council meeting, Stahl asked for Communication Device guidance from the DSSC on the draft mobile communication device policy. Policy Primary concerns: o Should we only allow certain mobile communication devices that have password protection and remote deletion capabilities? o Consider requiring that devices be encrypted to current best practice standards/guidelines. o Notify DSSC with 24 hours if device is lost or stolen. o Draft something to the campus community about personal devices being subject to e-discovery if devices are used for business purposes-regardless of whether or not faculty/staff members are accepting stipends. o Issue of employees using synchronization services like Google Sync and MobileMe. Action Items Scott Koger agreed to find out what Chapel Hill and NC State’s procedure is for dealing with mobile communication devices that are connected to litigation. Stahl offered to bring this subject up at the upcoming UNC CIO videoconference. Career Services Web Site It was discovered that if former alumni who graduated prior to WCU’s Banner implementation, attempted to log onto the University’s online job service web site, they were being asked to log on with their social security number and birth date. To correct this, a special login message has been created that instructs alumni who have user accounts with social security numbers to contact Career Services for help creating new accounts without using their social security numbers. Action Items Stahl, Koger, and Larry Hammer will work together to compose a campus email, from the CIO Office, that will ask departments to check with any vendors they might have done business with that would have potentially retained historical data with social security numbers. The email will also include a case study that can be used as an example. Larry Hammer agreed to write the case study. The completion date for this is Monday, June 29. Student Community The Department of Student Community Ethics has requested help on how to Ethics securely archive sensitive data that they must keep for a minimum of seven years. Stahl said this group needs to determine a policy on how things like this should be done. Action Items Stahl will follow up with the department about their request. As a short-term solution, Koger will ask Shandon Bates about encrypting the data.