Menu
Home > Policies > Policy & Procedure >
Policy & Procedure
Policy Title :
Data Protection Policy
Policy Number :
VIII. 4
Responsible Party :
Information Technology
Effective Date :
08/01/2014
Revised Date :
_______________________

Purpose

To protect PMU sensitive data from unauthorized disclosure and inappropriate use.

Statement :

·       It is the responsibility of each individual with access to sensitive data resources to use these resources in an appropriate manner. Additionally, it is the responsibility of each individual with access to sensitive data resources to safeguard these resources. Methods of safeguarding sensitive data include:

 

●     Sensitive data should not be stored on personal desktop or laptop computers since these computers tend to reside in less secure locations than central servers.

●     Access to computers that are logged into central servers storing sensitive data should be restricted (i.e. authenticated logins and screen savers, locked offices, etc.).

●     Access to sensitive data resources stored on central servers should be restricted to those individuals with an official need to access the data.

●     All servers containing sensitive data must be housed in a secure location and operated only by authorized personnel.

●     Copies of sensitive data resources should be limited to as few central servers as possible.

●   Sensitive data should be transmitted across the network in a secure manner (i.e., to secure web servers using data encryption with passwords transmitted via secure socket layer, etc.).

●   Any accidental disclosure or suspected misuse of sensitive data should be reported immediately to the appropriate University official.

●   All the critical data will be available in the application for one year and will be archived according to the backup policy.

 

Definition

Sensitive Data - any information that could cause an individual personal financial harm if disclosed and used improperly. Examples of sensitive data include but  are not limited to social security numbers, credit card numbers, computer passwords, and any personal information flagged for non-disclosure.