Phone: 612-624-5551
unews@umn.edu
24-hr number: 612-293-0831

Advanced Search

Feature

A stack of CDs locked together with a combination lock.

Public jobs, private data

New U of M-MnSCU partnership provides data security training for public employees

By Gayla Marty

Brief, Oct. 4, 2006

Faculty, staff, and student employees of big, public colleges and universities today are stewards of vast amounts of data. Some of that data may be private. Other data may represent months or years of priceless research. Most of the work force uses laptops and e-mail to share research with others inside and outside the U.

Since 2003, many University of Minnesota employees have completed training for HIPAA, the Health Insurance Portability and Accountability Act of 1996, a federal law that establishes standards for the privacy and security of health information. But University data privacy and security are also governed by state laws and University policies.

"There is probably no institution in the state of Minnesota that has so many people who need regular access to private data," says Steve Cawley, associate vice president and chief information officer. "That makes education our best form of security."

"There is probably no institution in the state of Minnesota that has so many people who need regular access to private data."

The University of Minnesota is not alone in facing the challenge. That's why the Minnesota State Colleges and Universities (MnSCU) system worked together with the U to develop "Public Jobs: Private Data," an easy, Web-based data security program to give all employees the training they need to be responsible stewards of all types of data as well as the public trust. MnSCU is now licensing the program from the U.

The program covers security measures required for handling private data protected under federal and state laws as well as University policies. Employees learn to identify security issues, how to protect data and hardware, and the protocol for responding to a security problem. More than 8,000 faculty and staff in the U's Academic Health Center are already completing the training program's three primary, 15-minute courses. Training for the rest of the Twin Cities campus will begin this month, followed by Duluth, Crookston, and Morris. University-wide roll-out of the training program will be completed in February 2007.

October is National Cyber Security Awareness Month

The National Cyber Security Alliance is a consortium of government agencies and private industry sponsors that designated this month to increase awareness and educate the public. Get tips for home users, businesses, organizations, educators, and administrators from the NCSAM Toolkit.

"Federal law has required hospitals and health facilities to make significant changes over the past several years in how we manage health information," says Ross Janssen, University privacy and security officer. "The goal of this training is to implement that type of data handling University-wide."

All University faculty, staff, student workers, and health science students and volunteers will be required to take the training. An e-mail message will alert individuals when to go to the MyU portal and log in using their U of M Internet (X.500) IDs and passwords.

Each training module is assigned to individual faculty and staff members' portal on a staggered schedule, with two weeks between each course. The content includes not only HIPAA but the Federal Education Rights and Privacy Act (FERPA), Gramm-Leach Bliley Act (GLBA), the Minnesota Data Practices Act, and University policies.

Frank Cerra, senior vice president for the Academic Health Center, took the training and described it as outstanding.

School of Public Health dean John Finnegan says the courses are well written, interesting, and clear.

"They weren't at all a burden to complete," says Finnegan. "Above all, they remind us that our obligation to respect people's privacy should be basic to how we do business here at the University."

Public Jobs: Private Data rolls out during October, which has been designated as National Cyber Security Awareness Month. (See box, above left.)

"Data security is an emerging national concern," Cawley says, "and it's everyone's responsibility."


To learn more about the Public Jobs: Private Data training program, including downloadable posters, see the Privacy and Security Project.