InfobITS Logo ITS - Fall 2006
In This Issue QuickbITS Archives IT Directory Publishing Info
Spring 2007 Rollout of New UH Information Security Policy
to previous article to next article
by Jodi Ito

To better protect confidential and personal information, UH is adopting a new policy focused specifically on protecting sensitive data. This new policy is designed to provide the framework and guidelines to be used when handling sensitive, personal and confidential information in accordance with the new State laws passed during the 2006 legislative session.

The three laws of interest to UH are:

  1. Social Security Number Protection: Restricts businesses and government agencies' usage of Social Security numbers
  2. Notice of Security Breach: Requires businesses and government agencies to notify consumers if their personal information has been compromised by an unauthorized disclosure.
  3. Destruction or Personal Information Records: Requires businesses and government agencies to take reasonable measures when storing and disposing of personal information.

Specifics of the UH Information Security policy include:

  • Categorization of data
  • Definition of sensitive information
  • Use of Social Security Numbers
  • Definitions of roles and responsibilities
  • Collection of sensitive information
  • Access to sensitive information
  • Transmission of sensitive information
  • Use, storage, and disposal of sensitive information
  • Disclosure of any breach of sensitive information

The policy defines sensitive information as: "information that is subject to privacy considerations or that has been classified as confidential and subject to protection from public access or inappropriate disclosure."

Examples of sensitive information include (but are not limited to):

  • Student records (especially anything protected by the Family Educational Rights and Privacy Act )
  • Health information (especially anything covered by the Health Insurance Portability and Accountability Act )
  • Personal financial information such as credit card numbers, bank account information, debit cards numbers, etc.
  • Social Security Numbers
  • Dates of birth
  • Private home addresses and phone numbers
  • Drivers license numbers and State ID Card numbers
  • Access codes, passwords and PINs for online information systems
  • Answers to "security questions" such as "what is the name of your favorite pet?"
  • Confidential information subject to attorney-client privilege
  • Detailed information about security systems (physical and/or network)
  • Confidential salary information

Any individual who uses, manages, maintains, and/or owns any of these types of information will need to be familiar with and comply with this new policy.

The policy is promulgated as a new UH Executive Policy. If you have any questions or comments about the policy, please contact Jodi Ito, Information Security Officer by email: jodi@hawaii.edu or by phone: (808) 956-2400.
 
to previous article to next article


Information Technology Services
Maintained by: editor@hawaii.edu
ITS Guide to Services
© 2006 University of Hawai'i
Last Updated: November 2006