University Data Protection

by Lendsey Smith on 11 July 2014


Transcript of University Data Protection

Student
Which Are You?
Staff
Faculty
Other
Here are lists of generalized data that is protected, though you may not be a Student, Staff, or Faculty member.
University Data Protection
Who Are You?
Student
What Type of Data Do You Have?
Research Student
What Type of Data Do You Have?
Student Worker
What Type of Data Do You Have?
Co-Op/Internship
What Type of Data Do You Have?
Educational
All educational data is protected under the Family Educational Rights and Privacy Act, also known as FERPA. This is the federal law that governs the release of and access to student records.
Financial
All financial data is protected under the Gramm-Leach-Bliley Act, also known as GLBA, which serves the purpose of protecting financial information obtained about customers.
Research
Is this data export controlled?
Medical
All medical data is protected under the Health Insurance Portability and Accountability Act, also known as HIPAA. This is the federal law that prescribes the standard for protecting health-related information.
*Most information regarding students is still under the protection of FERPA, which is the Family Educational Rights and Privacy Act. This is the federal law that governs the release of and access to student records. Those items are labeled with an asterisk.

Financial
All financial data is protected under the Gramm-Leach-Bliley Act, also known as GLBA, which serves the purpose of protecting financial information obtained about customers.

*Most financial information regarding students is still under the protection of FERPA, which is the Family Educational Rights and Privacy Act. This is the federal law that governs the release of and access to student records. Those items are labeled with an asterisk.
Research
Public Data
This data requires no confidentiality, and is readily available to the public.
Course Catalogs
Campus Maps
Directory Information About Faculty and Staff
High-Level Enrollment Statistics
Admissions Information
Schedule of Classes
Ratings and Rankings of UC
Data on Website for General Public
Controlled Data
Sensitive information that has been promised confidentiality.
Name
Date of Birth
Place of Birth
Directory Address and Phone Number
Campus Office Address
Mailing Address
Secondary Mailing Address
Residence Assignment/Room Number
Attendance Dates
Restricted Data
Sensitive information stored at the highest security level.
Social Security Number
Drivers License Number
State ID Card Number
Full Name and Date of Birth
Any Cumulative Grade Listing
Transcripts
Student Financial Services Information
Credit Card Numbers
Bank Account Numbers
Wire Transfer Information
Payment History
Financial Aid/Grant Information
Student Tuition Bills
Public Data
This data requires no confidentiality, and is readily available to the public.
Tuition and Fees
General Financial Aid Information
Scholarship Opportunities
Grant Opportunities
Blank FAFSA Forms
Student Job Opportunities
University Budgets
Satisfactory Academic Progress Policy
Restricted Data
Sensitive information stored at the highest security level.
Social Security Number
Student Financial Services Information*
Credit/Debit Card Numbers
Personal Financial Account Numbers
Personal Payment History*
Personal Financial Aid/Grant Information*
Student Tuition Bill*
Student Loan Information*
Controlled Data
Sensitive information that has been promised confidentiality.
Public Data
This data requires no confidentiality, and is readily available to the public.
Restricted Data
Health Insurance Policy Number
Personal Health Records
Social Security Numbers
Drivers License Number
State ID Card Number
Biometric Identifier
All Protected Health Information
Controlled Data
Sensitive information that has been promised confidentiality.
Research
Is this export controlled data?
Research
Is this export controlled data?
Educational
Research
Is it export controlled data?
Financial
Medical
Research
This includes: All Emeritus Faculty, All Tenure Faculty, The President, Deans, Undergraduate Directors, Professors, Assistant Professors, Associate Professors, Adjunct Associate Professors

What Type of Data Do You Have?
Financial
Educational
Medical
This includes all university and medical staff such as: Nurses, Doctors, Advisers, Associate Deans, Assistant Deans, Administrative Directors, Assistant Directors, Senior Grant Administrators, Research Professionals, Financial Administrators, and Coordinators

What Type of Data Do You Have?
Educational
All educational data is protected under the Family Educational Rights and Privacy Act, also known as FERPA. This is the federal law that governs the release of and access to student records.
Financial
All financial data is protected under the Gramm-Leach-Bliley Act, also known as GLBA, which serves the purpose of protecting financial information obtained about customers.
This also includes Human Resources Information.

Medical
All medical data is protected under the Health Insurance Portability and Accountability Act, also known as HIPAA. This is the federal law that prescribes the standard for protecting health-related information.
Research
Is this export controlled data?
Yes
All export controlled data is Restricted.
No
Public Data
• De-Identified Research Data
• Published Research
• Any Information on-
• The Office of Research Website
• University Research Budgets

Controlled Data
• Research Results Where:
o Confidentiality Was Promised
o Although Not Required
• Limited Research Data Sets
• Unpublished Research

Restricted Data
• All Export Controlled Data
• Identifiable Research Subject Data
• Data From Human Subject Research

Public Data
Student Worker Openings
Student Worker Handbook
All Information on Student Employment Website
For Student Educational Information See “Student” Section
Controlled Data
• Name
• Date of Birth
• Place of Birth
• Campus Office Address
• Mailing Address
• Secondary Mailing Address
• Residence Assignment/Room Number
• Attendance Dates
• Enrollment Status

Restricted Data
• Social Security Number
• Driver’s License Number
• State ID Card Number
• Any Cumulative Grade Listing
• Transcripts

Public Data
• Pay Scales
• Bonus Information
• General Financial Aid Information
• Student Job Opportunities
• University Budgets

Restricted Data
• Student Financial Services Information*
• Credit/Debit Card Numbers
• Personal Financial Account Numbers
• Personal Payment History*
• Personal Financial Aid/Grant information*
• Student Tuition Bill*
• Student Loan Information*


Public Data
• Any Information Provided on
o University Student Wellness website
o Counseling and Psychological Services website
o University Health Services
• Student Health Insurance Booklet
• Health Insurance Waiver
• Health Insurance Benefits

Controlled Data
• Name*
• Date of Birth*
• Place of Birth*
• Campus Office Addresses*
• Mailing Address*
• Secondary Mailing Address*
• Residence Assignment/Room Number*

Restricted Data
• Health Insurance Policy Number
• Personal Health Records
• Social Security Number
• Drivers License Number
• State ID Card Number
• Biometric Identifier
• All Protected Health Information

Public Data
Lists of Undergraduate Research Programs
Lists of Graduate Research Programs
Lists of Support Programs
Interdisciplinary Research Programs
Restricted Data
• Social Security Number
• Driver’s License Number
• State ID Card Number
• Any Cumulative Grade Listing
• Transcripts


Controlled Data
• Name
• Date of Birth
• Place of Birth
• Campus Office Address
• Mailing Address
• Secondary Mailing Address
• Residence Assignment/Room Number
• Attendance Dates


Public Data
Restricted Data
Controlled Data
• Time Card Information
• Pay Stubs
• Stipend Information
• Name*
• Date of Birth*
• Place of Birth*
• Campus Office Addresses*
• Mailing Address*
• Secondary Mailing Address*
• Residence Assignment/Room Number*

Controlled Data
• Research Results Where:
o Confidentiality Was Promised
o Although Not Required
• Limited Research Data Sets
• Unpublished Research
• Name*
• Date of Birth*
• Place of Birth*
• Campus Office Address*
• Mailing Address*
• Secondary Mailing Address*
• Residence Assignment/Room Number*
Restricted Data
• All Export Controlled Data
• Identifiable Research Subject Data
• Data From Human Subject Research
• Social Security Number
• Driver’s License Number
• State ID Card Number
• Personal Health Information
• Protected Health Information

Public Data
• De-Identified Research Data
• Published Research
• Any Information on-
• The Office of Research Website
• University Research Budgets
• Medical Research Opportunities
Yes
All export controlled data is restricted.
No
Controlled Data
• Research Results Where:
o Confidentiality Was Promised
o Although Not Required
• Limited Research Data Sets
• Unpublished Research

Restricted Data
• All Export Controlled Data
• Identifiable Research Subject Data
• Data From Human Subject Research

Public Data
• De-Identified Research Data
• Published Research
• Any Information on-
• The Office of Research Website
• University Research Budgets


Public Data
Restricted Data
• Student Financial Services Information*
• Credit/Debit Card Numbers
• Personal Financial Account Numbers
• Personal Payment History*
• Personal Financial Aid/Grant information*
• Student Tuition Bill*
• Student Loan Information*
Controlled Data
• Time Card Information
• Pay Stubs
• Name*
• Date of Birth*
• Place of Birth*
• Campus Office Addresses*
Controlled Data
• Name
• Date of Birth
• Place of Birth
• Campus Office Address
• Mailing Address
• Secondary Mailing Address
• Residence Assignment/Room Number
• Attendance Dates
• Enrollment Status
• IC Card Photos
• UCID M-Number

Restricted Data
• Social Security Number
• Driver’s License Number
• State ID Card Number
• Any Cumulative Grade Listing
• Transcripts

Public Data
• All Information on Division of Professional Practice
o Co-op Application Information
o Co-op Registration
o Co-op Checklist
o Co-op Student Assignments
o Co-op Calendars/Deadlines
o Internship Plans
o Award Nominations
o Contact Information
o Maps and Directions
o Class Credit Information

Public Data
• Any Information Provided on
o University Student Wellness website
o Counseling and Psychological Services website
o University Health Services
• Student Health Insurance Booklet
• Health Insurance Waiver
• Health Insurance Benefit Options

Restricted Data
• Health Insurance Policy Number
• Health Insurance Benefits
• Personal Health Records
• Social Security Number
• Driver’s License Number
• State ID Card Number
Controlled Data
Yes
All export controlled data is Restricted.
No
Public Data
• De-Identified Research Data
• Published Research
• Any Information on:
o The Office of Research Website
o University Research Budgets

Controlled Data
• Research Results Where:
o Confidentiality Was Promised
o Although Not Required
• Limited Research Data Sets
• Unpublished Research

Restricted Data
• All Export Controlled Data
• Identifiable Research Subject Data
• Data From Human Subject Research

Public Data
This data requires no confidentiality, and is readily available to the public.
Restricted Data
Sensitive information stored at the highest security level.
Controlled Data
Sensitive information that has been promised confidentiality.
Any Information Provided on
University Student Wellness Website
Counseling and Psychological Services Website
University Health Services
Student Health Insurance Booklet
Student Health Insurance Waiver
Student Health Insurance Benefits
Sensitive information stored at the highest security level.
Public
• De-Identified Research Data
• Published Research
• Any Information on-
• The Office of Research Website
• University Research Budgets

Restricted
• All Export Controlled Data
• Identifiable Research Subject Data
• Data From Human Subject Research
• Data Under HIPAA Privacy Use Agreement

Controlled
• Research Results Where:
o Confidentiality Was Promised
o Although Not Required
• Limited Research Data Sets
• Unpublished Research

Public Data
This data requires no confidentiality, and is readily available to the public.
Restricted Data
Sensitive information stored at the highest security level.
Controlled Data
Sensitive information that has been promised confidentiality.
Yes
All export controlled data is considered restricted.
No
Public Data
This data requires no confidentiality, and is readily available to the public.
Controlled Data
Sensitive information that has been promised confidentiality.
Restricted Data
Sensitive information stored at the highest security level.
Restricted Data
Sensitive information stored at the highest security level.
Controlled Data
Sensitive information that has been promised confidentiality.
Public Data
This data requires no confidentiality, and is readily available to the public.
• Managers' Tools for Student Employees
• Course Catalogs
• Campus Maps
• Directory Information of Faculty and Staff
• Schedule of Classes
• Ratings and Rankings of UC
• Data on Website for General Public

Patient Names
Patient Addresses
E-mails/URLs/IP Addresses
Health Insurance Policy Number
Health Insurance Benefits
Personal Health Records
Social Security Number
Driver’s License Number
State ID Card Number
Protected Health Information
Electronic Health Information
Biometric Information
• Managers' Tools for Student Employees
• Course Catalogs
• Campus Maps
• Directory Information of Faculty and Staff
• Schedule of Classes
• Ratings and Rankings of UC
• Data on Website for General Public
• Social Security Numbers
• Credit/Debit Card Numbers
• Wire Transfer Information
• Payment History
• Personal Financial Aid/Grant Information
• Student Tuition Bills
• Student Loan Information
• Driver’s License Number
• State ID Card Number
• Any Cumulative Grade Listing
• Transcripts

• Name
• Date of Birth
• Place of Birth
• Campus Office Address
• Mailing Address
• Secondary Mailing Address
• Any Information Provided On:
o Human Resources Medical Benefits Website
o Faculty Toolkit Information
o Counseling and Psychological Services Website
o University Health Services Website
• Workman's Compensation Information
• Health Plan Contact Information
• Health Insurance Policy Number
• Health Insurance Benefits
• Personal Health Records
• Social Security Number
• Driver’s License Number
• State ID Card Number
• Protected Health Information
• Electronic Health Information
• Biometric Information
• Course Catalogs
• Campus Maps
• Directory Information About Faculty and Staff
• High-Level Enrollment Statistics
• Admissions Information
• Schedule of Classes
• Ratings and Rankings of UC
• Data on Website for General Public
• Social Security Number
• Driver’s License Number
• State ID Card Number
• Any Cumulative Grade Listing
• Transcripts
• Student Financial Services Information
• Credit/Debit Card Numbers
• Wire Transfer Information
• Payment History
• Personal Financial Aid/Grant Information
• Student Tuition Bill
• Student Loan Information

• Name
• Date of Birth
• Place of Birth
• Campus Office Address
• Mailing Address
• Secondary Mailing Address
• Residence Assignment/Room Number
• Attendance Dates
• Enrollment Status
• UC Degrees/Honors
• Major/Minor/Fields
• Prior Institutions
• IC Card Photos
• UCID M-Number
• Graded Work
• Grade Books


• Tuition and Fees
• General Financial Aid Information
• Scholarship Opportunities
• Grant Opportunities
• Blank FAFSA Forms
• Student Job Opportunities
• University Budgets
• Satisfactory Academic Progress Policy
• Pay Scales
• Bonus Information
• Tuition Remission
• Employee Discounts
• Retirement/Savings Information
• Job Openings

• Student Financial Services Information
• Credit/Debit Card Numbers
• Wire Transfer Information
• Payment History
• Personal Financial Aid/Grant Information
• Student Tuition Bill
• Student Loan Information
• Bank Account Numbers
• Any Information Provided On:
o University Student Wellness Website
o Counseling and Psychological Services Website
o University Health Services Website
• Student Health Insurance Booklet (Including Offered Benefits)
• Health Insurance Waiver

• Patient Names
• Street Address, City, Country, Zip Code
• Dates Related to an Individual (Except Years)
• E-mail, URLs, & IP Numbers
• Social Security Numbers
• Account/Medical Record Numbers
• Health Plan Beneficiary Numbers
• Certificate/License Numbers
• Vehicle I.D/Serial Numbers
• Device ID/Serial Numbers
• De-Identified Research Data
• Published Research
• University Research Budgets
• Any Information On: The Office of Research Website

• Research Results Where:
o Confidentiality was promised, but not required
• Limited Research Data Sets
• Unpublished Research

• Identifiable Research Subject Data
• Any Export Controlled Data
• Data From Human Subject Research
• Time Card Information
• Pay Stubs
• Stipend Information
• Name
• Date of Birth
• Place of Birth
• Campus Office Addresses
• Mailing Address
• Secondary Mailing Address
• Residence Assignment/Room Number
• Intellectual Property Endowed Fund Information
• Office of Research Discretionary Fund
• Showcase UC Fund

• Social Security Number
• Student Financial Services Information*
• Credit/Debit Card Numbers
• Personal Financial Account Numbers
• Personal Payment History*
• Personal Financial Aid/Grant information*
• Student Tuition Bill*
• Student Loan Information*

• Tuition Remission
• Employee Discounts
• Retirement/Savings Information
• State Employee Salaries
• Job Openings

• Tuition Remission
• Employee Discounts
• Retirement/Savings Information
• Job Openings
• State Employee Salaries
• University Budgets
• Time Card Information
• Pay Stubs
• Name
• Date of Birth
• Place of Birth
• Campus Office Addresses
• Mailing Address
• Hiring Information
• Co-Op Earnings Information
• Past Co-Op Earning Information
• Pay Scales
• Bonus Information
• General Financial Aid Information
• Co-op/Internship Opportunities
• University Budgets
• Social Security Numbers
• Financial Account Numbers
• Credit/Debit Card Number
• Account History

• Any Information Provided On:
o Human Resources Medical Benefits Website
o Staff Toolkit Information
o Counseling and Psychological Services Website
o University Health Services Website
• Workman's Compensation Information
• Health Plan Contact Information

• Name
• Date of Birth
• Place of Birth
• Campus Office Address
• Mailing Address
• Secondary Mailing Address
• Social Security Number
• Driver’s License Number
• State ID Card Number
• Full Name and Date of Birth
• Any Cumulative Grade Listing
• Transcripts

• Social Security Numbers
• Financial Account Numbers
• Credit/Debit Card Number
• Account History
• Personal Student Financial Services Information


Enrollment Status
UC Degrees/Honors
Awarded Dates of Degrees
Major/Minor/Fields of Study
University Degree Honors
Prior Institutions
ID Card Photo
UCID (M-Number)
Graded Work
Grade Books
• Enrollment Status
• UC Degrees/Honors
• Major/Minor/Fields
• Prior Institutions
• IC Card Photos
• UCID M-Number
• Graded Work
• Grade Books
• Enrollment Status
• Prior Institutions
• IC Card Photos
• UCID M-Number
• Graded Work
• Grade Books
• Enrollment Status
• Prior Institutions
• IC Card Photos
• UCID M-Number
• Graded Work
• Grade Books
• Biometric Identifiers
• Full Face Images Associated with HIPAA Records
• Payment Guarantor's Information
• Health Insurance Policy Number
• Personal Health Records
• Social Security Number
• Driver’s License Number
• State ID Card Number
• Full Name with Date of Birth
• Biometric Identifier
• All Protected Health Information
• Any Other Unique Identifying Number, Characteristic, or Codes

Export Control Regulations means regulations promulgated under the authority of the International Trade in Arms Regulations and Export Administration. These regulations require the university to obtain permission from specific government agencies before allowing foreign nationals to access certain controlled technologies. They have the potential to limit the research opportunities of foreign students or employees, or to prevent international collaboration in certain research areas.

• Name*
• Date of Birth*
• Place of Birth*
• Campus Office Addresses*
• Mailing Address*
• Secondary Mailing Address*
• Residence Assignment/Room Number*

Controlled Data
Sensitive information that has been promised confidentiality.
• Time Card Information
• Pay Stubs
• Stipend Information
• Name*
• Date of Birth*
• Campus Office Addresses*
• Mailing/Secondary Mailing Address*

• Name
• Date of Birth
• Place of Birth
• Campus Office Addresses
• Mailing Address
• Secondary Mailing Address
• Name
• Date of Birth
• Place of Birth
• Campus Office Addresses
• Mailing Address
• Secondary Mailing Address
• Residence Assignment/Room Number



• UC Degrees/Honors
• Major/Minor/Fields
• Prior Institutions
• IC Card Photos
• UCID M-Number
• Graded Work
• Grade Books

• Lists of Undergraduate Research Programs
• Lists of Graduate Research Programs
• Lists of Support Programs
• Interdisciplinary Research Programs
• Directory Information of Faculty and Staff
• Schedule of Classes
• Managers' Tools for Student Employees
• Student Worker Openings
• Student Worker Handbook
• All Information on Student Employment Website
Is it published?
Yes: All published research is considered public data.
No: Unpublished research is considered controlled data. To find out if this data contains restricted qualities, continue to the following questions.

Was confidentiality promised?
Yes: Any time confidentiality is promised then the research is considered controlled.
No: If confidentiality is not promised, the data may be considered public. To find out if the data contains restricted or controlled qualities review the following questions.

Does it involve human subjects?
Yes: Any time research involves a human subject it is automatically considered controlled data.
No: If research does not involve human subjects it may be considered public. To find out if data has restricted qualities, continue on to the following questions.

Does it have identifiable research subjects?
Yes: Any time research involves identifiable research subjects it is automatically considered Restricted.
No: If research does not involve identifiable research subjects, please review the previous and following questions to ensure the security level for this data.

Is this export controlled data?
Yes: All export controlled data is considered Restricted.
No: If research is not export controlled, review the previous questions to ensure the security level for this data.
How FERPA Protects Data
Students must be notified annually in writing of their rights under FERPA.
Right to seek amendment or correction of educational records.
Right to have some control of the disclosure of information from education records except when release is permitted by law.
Right to file complaints with the Family Policy Compliance Office, United States Department of Education, within 180 days of alleged violation.
Since UC has a policy of disclosing personally identifiable information to school officials:
The criteria for determining school officials
A description of what constitutes legitimate educational interest.

Non-Compliance may result in:
Lawsuit
Loss of federal funding
Conviction of a misdemeanor under the Public Information Act.
Confinement in the county jail not to exceed 6 months
Or fines not to exceed $1,000
Or both
Dismissal

Every user is responsible for safeguarding restricted information.

Personal or unauthorized use or disclosure of restricted data is prohibited.

Restricted information must be secured on all network drives with: name, password, and encryption.

UCIT Office of Information Security must review all safeguards on any portable devices.

Users must always log in, and log out of systems and applications when not in use.

Any systems involved with electronic health information must have: anti-malware programs, encryption software, and timeout periods.
- These safeguards must not be removed, disabled, or altered in any way.

Any business associates requiring access to restricted information require a written agreement.

All UC faculty, staff, students and affiliates must immediately report violations of this policy, including information security incidents that may involve the loss of, improper disclosure of, or improper access to electronic protected health information or restricted data.
- EX: Loss or theft of a computer, smartphone, or thumb drive storing restricted information, or an electronic intrusion into a computer storing restricted information.

The University of Cincinnati reserves the right to suspend access to information for:
- Suspected violations
- Pending investigation and resolution
The University of Cincinnati also has the right to terminate access to any user found in violation of its policies, procedures, or safeguards.

Reports should be made to the UCIT Office of Information Security at Abuse@UC.edu

Data Protection Safeguards
How is the data protected?
Does this involve a limited research data set?
Yes
For a data set to be considered a "limited data set," all personal identifiers (e.g., Social Security Numbers, Names, Addresses, etc.) must be removed, and then the data is considered controlled.
No
If data does not involve a limited research data set, review the following questions to see if this data contains other restricted or controlled criteria.
Research data is protected under HIPAA, the Health Insurance Portability and Accountability Act, which is the federal law that applies to individually identifiable information on past, present or future health care or payment for health care through the use of physical and technical safeguards.
HIPAA Violation Consequences
All HIPAA violations must be reported to Abuse@uc.edu.

UC Staff is authorized to investigate all alleged violations.

Violations will be pursued in accordance with the appropriate disciplinary procedures for all users as outlined in the University Rules, Faculty Handbook, Staff Personnel Policies and Procedures Manuals.

Data Classification
Public Data
- Data that is readily available to the public and requires no confidentiality or integrity protection.

Controlled Data
- Data whose integrity must be maintained, but that is not categorized as "restricted."

Restricted Data
- Personal identity information that consists of an individual's first and last name in combination with another personal identifier such as: Social Security Number, Financial Account Number, Driver's License Number, etc.
Export Controlled Regulations are regulations under the authority of the International Trade in Arms Regulations and the Export Administration Regulations.


Medical data is protected under HIPAA, the Health Insurance Portability and Accountability Act, which is the federal law that applies to individually identifiable information on past, present or future health care or payment for health care through the use of physical and technical safeguards.
How is the data protected?
HIPAA
For More Information
- When in doubt, don't give it out!

- If you have any questions on what you can or cannot release, check with:
-Your Supervisor
-The Registrar's Office: 513-556-9900
-The Office of General Counsel: 513-556-3483
How GLBA Protects Your Data
Examples of Identifiable Research Subjects
• Names
• Geographic subdivisions smaller than a state with combining zip code.
• Dates related to an individual (e.g. birth dates, admission dates, discharge date, death date, etc.)
• Telephone/Fax numbers
• E-mail addresses
• Social Security Numbers
• Medical record numbers
• Health plan beneficiary numbers
• Account numbers
• Certificate/license numbers
• Vehicle identifiers and serial numbers, including license plate numbers
• Device identifiers and serial numbers
• Universal Resource Locators (URLs)
• Internet Protocol Addresses (IP Addresses)
• Biometric Identifiers (finger and voice prints)
• Full face photos and any comparable images

What UC Offers to Protect Data
Security and Awareness
Advice
Social Media
Rules to Follow

• Assume the personal information and photos displayed are available to everyone, not just friends.
• Know what you’re posting; if you would not want a future employer to see it, then don’t post it.
• Protect children from online predators by not tagging or stating their name in captions of photos.
• Don’t mention being away from home.
• Think about the people you are friending; they may not always be who they seem.
• Be cautious of networks and groups you join.
• Limit what’s available for everyone to view; make your profile private.
• Familiarize yourself with each site's privacy procedures.
• Don’t display full name with birth date.
• Disable unnecessary/unfamiliar options
• Restrict searches of your information to just your friends.
• Use a strong password, and don’t use the same password for other sites.
• Check your browser and security software and make sure it’s all up to date.
• Understand how to quit a site.
Know what can follow upon deactivation! Ex:
-What photos they will keep up for technical reasons
-If there will be a delay between your delete request and the actual deletion

Identity Theft

Deter
- Safeguard your information

Detect
- Suspicious activity by routinely monitoring your financial accounts and billing statements

Defend
- Against identity theft as soon as you suspect a problem

Know how identity thieves can get your information:
-Going through your trash (dumpster diving).
-Stealing your wallet or purse.
-Stealing your mail or submitting a change of address form.
-Phishing, or sending you fake emails to get you to provide personal information.
-Stealing personnel records from their employers.

Special concerns for students:
• Dormitory burglaries
• Driver’s license/student ID theft
• Credit card offers
• Use of Social Security numbers for identification

We are often responsible for our loss of privacy
FTC Says:
Secure Your Smart Phones
-First rule of thumb is always to have a password/code for your phone
-Make sure device is encrypted (Android)
-Be sure to do all firmware updates to close up security vulnerabilities
-Do not root your device especially if sending or receiving sensitive data
-Make sure to adjust the privacy settings to prevent data replication to Google cloud based servers
-Never connect to unknown Wi-Fi networks
-Always read reviews of Apps to be sure you’re not downloading anything malicious
-Get an Anti-Virus App, they are free and help protect your phone

Spam
-Best way for computers to fight spam is filtering software

-Protect personal information
-EX: only share CC information with companies you trust

-Know who you’re dealing with; don’t do business with companies that won’t provide name, street address and telephone number

-Take your time, resist urges to “Act Now” on promotional offers

-Read the small print – get all promises in writing and review them before making payments or signing a contract

-Never pay for a “free” gift

-Never unsubscribe or reply – many spam e-mails contain a link to unsubscribe which usually is nothing but a way to confirm it’s a working e-mail address

-Activate your spam filter in your mailbox

-Report spam when you get it

Consulting
Information Security will:
o Review applications, systems, or processes
o Get involved with projects making them:
-Easier
-Cheaper
-Build in security and compliance

Service Requests:
infosec@uc.edu

Creation of Security Policies & Incident Response
UCIT OIS creates the policies that govern information security throughout the university and UCIT.
EX: Data Protection Policy

UCIT OIS also oversees an interdisciplinary team equipped to respond appropriately in the event of a Cyber Security incident.
Laptops for Travel
UCIT OIS provides a basic clean laptop for faculty and staff traveling overseas for the university.
UCIT OIS also provides a Traveling with Mobile Devices Checklist:

http://www.uc.edu/content/dam/uc/infosec/docs/general/Travel_Clean_Computer.pdf
Shredding
Paper documents are important to dispose of properly.

UCIT OIS sponsors 2-3 shred events each year.

See http://www.uc.edu/infosec/services/shredding.html for more details


-or feel free to contact us for guidance with arranging your own shredding.
Whole Disk Encryption
If you are UC Faculty or Staff with administrative-level access, whole disk encryption is available to you.

All requests are handled through GetIT and the UCIT Integrated Help Desk.

For more information read:
http://www.uc.edu/infosec/tools_software/pgp.html
Tools and Software
• McAfee Anti-Virus and Anti-Spyware
- http://www.uc.edu/ucit/ware/software/mcafee.html

• Electronic File Sanitization
- http://www.uc.edu/infosec/tools_software.html


• Iron Port C360 appliances to provide security for UCMail
o It monitors Spam so you don’t have to!

What You Can Do To Protect Data
- Data protection starts with the users, which is you!

-Educate yourself on university protection policies.

-Never leave your device unattended

- Always have a strong password

GLBA requires the university to give consumer privacy notices that explain the information sharing practices.

Consumers have the right to limit some, but not all, sharing of their information.


How HIPAA Protects Your Data
Has It Been Published?
Yes: All published research is considered public data.
No: Unpublished research is considered controlled data. To find out if this data contains criteria to be considered restricted, please review the following questions.

Does it involve human subjects?
Yes: Any time research involves a human subject it is automatically considered controlled data.
No: If research does not involve human subjects it may be considered public. To find out if data has restricted qualities, continue on to the following questions.

Is this a limited research data set?
Yes: For a data set to be considered a "limited data set," all personal identifiers (e.g., Social Security Numbers, Names, Addresses, etc.) must be removed, and then the data is considered controlled.
No: If data does not involve a limited research data set, review the following questions to see if this data contains other restricted or controlled criteria.

Was confidentiality promised?
Yes
No