Return to: U of M Home

What's Inside

Related Links

1-HELP

System Status

Securing Private/Non-public Data Letter

March 3, 2005

To: Deans, Directors, and Dept. Heads
Fr: Steve Cawley, Chief Information Officer and Associate Vice President
Re: Securing Private/Non-public Data

This email is a reminder that protecting non-public University information from disclosure and misuse is an important part of all of our jobs.  Please pass this information along and emphasize its importance by discussing your compliance plan with your staff.

New laws over the past couple of years, HIPAA for certain health data and Gramm-Leach-Bliley for certain financial data, in addition to the long-standing FERPA laws that protect student information have introduced new and significant regulatory requirements for information security. And as most people are aware, even without the new laws, information security is becoming increasingly challenging in the age of the Internet.

To meet that challenge, the Office of Information Technology has outlined certain specific steps needed to protect University private, non-public data. The steps are outlined in a policy document called the  Securing Private Data Standard, which was effective in October of last year.  While not everything necessary for legal compliance is included, the security requirements addressed in the Standard are a significant part of achieving compliance.  The web address for the Standard is: www.umn.edu/oit/security/privatedata.html

One of the difficult areas of compliance is desktop and laptop computers, many of which are not centrally managed.  To assist in compliance for these Windows desktop/laptop computers, downloadable QuickStart software is available that can automatically make changes for “Basic” and “Level-2” security compliance. If both the Basic and Level-2 are selected, over half of the requirements in the Securing Private Data Standard are addressed.  Note that both tools can simply be used to view or verify the current settings without making any changes, if desired.
See: www.quickstart.umn.edu

For more information on security topics, see the staff section of: www.safecomputing.umn.edu

Thank you for your assistance.