Information Security for Faculty & Staff
Faculty and staff at the University of Hawaii access the sensitive information of the University on a daily basis while each fulfilling individual duties and responsibilities.
Due to the openness of the environment and culture, coupled with fast research networks, universities are constantly probed and under cyber attack from various vectors. The "bad actors" are constantly looking for weaknesses in our computers and network, trying to infiltrate to steal information or misuse our technologies.Each one of us is responsible for safeguarding the information that we are entrusted with.
We must all be aware of the cyber risks and understand that higher education institutions are constantly under cyber attack. It is our responsibility to implement sufficient security controls to protect the data under our care in accordance to appropriate security policies and regulations.
General Data Protection Guidelines
UH Executive Policy E2.214: "Security and Protection of Sensitive Information" classifies data into two (2) categories: "Public" and "Sensitive". Sensitive data is anything that is subject to privacy considerations or has been classified as confidential and is subject to protection from public access or inappropriate disclosure.
Examples of sensitive information include (but are not limited to):
- social security numbers (protected by HRS 487J, 487N, 487R)
- student records (protected by FERPA)
- health information records (protected by HIPAA)
- personal financial information (credit card numbers, bank account information, etc.)
- personnel information (protected by HRS 92F)
- other information protected by federal, state, local regulations
Both the data itself and the computer used to access/manipulate the data need to be protected. Information on protecting sensitive information can be found in AskUs 1266. Information on securing your computer can be found in AskUs 593.
Special security precautions must be taken when using a mobile device (laptops, smartphones, tablets, etc.) Best practices for using these types of devices are found in:
Faculty members collecting research data (especially if using human subjects) or using institutional information have additional considerations and should be familiar with the University of Hawaii Institutional Review Board and should also read Information Security for Research.
For easy reference, a list of applicable UH policies, state regulations and federal regulations is provided below.
University of Hawaii Policies
- E2.210: Use and Management of Information Technology Resources policy
- E2.214: Security and Protection of Sensitive Information
- E2.215: UH Institutional Data Governance Policy
- E7.208: Student Conduct Code
- A8.710: Credit Card Program
- A8.711 Electronic Payments via University Websites
- A7.022 Procedures Relating to Protection of the Educational Rights and Privacy of Students
- A8.450 Records Management Guidelines and Procedures
Hawaii Revised Statutes
- HRS 92F: Uniform Information Practices Act (UIPA)
- HRS 92F: UIPA: Disclosure
- HRS 487J: Social Security Number Protection
- HRS 487N: Security Breach of Personal Information
- HRS 487R: Destruction of Personal Information Records