Data Security and Stewardship Committee
Cordelia Camp 101a
Wednesday, May 27, 2009
Present Pam Buchanan, Steve Christison, Lisa Gaetano, Larry Hammer, Gary Jones,
Debbie Justice, Scott Koger, Mary Ann Lochner, Bil Stahl, Scott Swartzentruber, and
Mike Stewart
Absent Zeta Smith
Recorder Jenny Owen
Approval of Minutes  Bil Stahl made a motion to approve the minutes from the Data Security and
Stewardship Committee (DSSC) meeting that was held on Thursday,
April 30, 2009. There was no opposition, and the motion carried unanimously.
Role of the DSSC in
the University’s
Disaster Preparedness
Planning
Action Item
 Stahl reported that Chancellor Bardo has established a disaster preparedness and
recovery team whose objectives will be to update and revise business continuity
plans across the University and to develop an all-hazards plan for the University.
Stahl explained that the newly appointed Disaster Preparedness and Recovery Team
will be responsible for ongoing, programmatic oversight for the University’s
disaster preparedness. Stahl said there will be times when DSSC will be asked to
follow up on items from the Disaster Preparedness and Recovery Team.
 Stahl will notify the DSSC when the University’s State IT Audit is released
sometime in July. Stahl added that access control was a large part of this audit.
Oversight of Policy 106 –
Identity Theft Prevention
Program
 Mary Ann Lochner talked to DSSC members about their new role in helping to
oversee the University’s new Policy 106 – Identity Theft Prevention Program.
Lochner explained that this new policy came about because of a federal requirement
for organizations to establish identity theft programs. Since the University has a
role as a “creditor” under certain circumstances, this federal requirement applied to
us. The CIO (as program administrator for this policy) will be delegating to DSSC
members, Policy 106-related issues. Lochner suggested DSSC members review the
policy or at least to read pages 1-8. She added that several other internal policies
and procedures were appended to Policy 106.
 The WCU Board of Trustees will formally adopt and approve Policy 106 at their
upcoming meeting on June 5.
 The FTC gave the University until August 1 to fully implement the policy.
 Lochner explained how she thought the DSSC might work to help the University
become compliant with Policy 106 by the August 1 deadline:
o Those DSSC members, who work in the “broad areas” that would be
affected by Policy 106, would help those areas to develop activities,
policies and/or procedures that would make them compliant. Then those
DSSC members would bring any proposed activities, policies and/or
procedures to the DSSC for review.
Action Item
 After a lengthy discussion, Lochner said she would create some standard forms for
(1) vendor amendments to existing contracts, and (2) addenda to contracts that we
are negotiating. These forms will be necessary in order to comply with both Gramm
Leach Bliley and with Red Flag Rules. Lochner will send the draft forms to DSSC
members for review.