November 13, 2014

New sensitive information standards in effect

A new standard for the safe handling of sensitive information is in effect for all faculty and staff and will be implemented over time with the assistance of departmental Local Area Network (LAN) Administrators. In some cases, but only under isolated circumstances, student workers may also be affected.

The new standard is driven in large part by a recent audit review, as well as the desire and necessity to protect sensitive, or confidential, information by campus constituents.  Sensitive, or confidential, information is defined as “highly restricted” under the SIU Carbondale Data Classification Policy.  Examples of “highly restricted” data include:

  • Payment Card Industry (PCI) data including credit card information.
  • Health Insurance Portability and Accountability Act (HIPAA) data that refers to medical-related information.
  • Personal Information Protection Act (PIPA) data, including Social Security number, driver’s license or state identification card numbers and credit card or debit card account numbers.
  • Other applicable federal and state privacy laws that affects data that would financially impact the university should the data be compromised.

The standard essentially requires all users of “highly restricted” data to take proper precautions when protecting data in electronic or paper form.  Requirements include encryption techniques for electronic data at rest and in transit, as well as proper security procedures for paper documents including lockable offices and filing cabinets, redaction, and disposal (shredding) of information when no longer needed.

Authority for this standard is granted by the SIU Board of Trustees policy, SIU System Information Security Plan, and the SIU Carbondale Information Security Program, or ISP.

The new standard is available here.  It is a joint effort between Information Technology and Library Affairs.  Please direct any questions to the information security team at security@siu.edu.  The responsibility for security rests with all of us.  Security of information and systems can only be successful with the cooperation and support of each SIU Carbondale faculty, staff, and student.  Please join us in that effort.