Education IT
Data Security and Privacy Policy
- What does this policy cover?
- This policy covers any computer (server, workstation, laptop) that is owned by the Purdue University College of Education. This includes those belonging to centers and offices who's technology may not be managed by the COE Office of Information Technology.
- Why have a policy?
- With the ever growing thread of identity theft, and the sophistication of computer criminals, we need to be diligent in protecting potentially sensitive data. There are also federal guidlines such as HIPPA and FERPA that also mandate we take measures to protect privacy.
- What data can not be on a server connected to the internet?
- Though the Office of Information Technology makes every precaution to keep the servers that it manages safe from intrusion, the technology changes at such a fast pace that it is impossible to know every threat. Servers that are owned by any orginization affiliated with the College of Education must never store the folling information on a server attached to the Internet:
- Credit Card numbers
- Bank Account Number
- Personal Financial Information
- Information labeled "classified" or above by the United States government
- Social Security Numbers unless approved by the Director of the COE Office of Information Technology
- What data can not be on a networked workstation connected to the internet?
- Since workstations are used daily to access a myriad of locations on the internet, they have a larger degree of risk than servers do. The following types of data must never be stored on an individual's workstation unless specifically cleared by the Director of the Office of Information Technology and College Administrators:
- Credit Card numbers
- Bank Account numbers
- Personal Financial Information
- Social Security Numbers
- State ID numbers (Drivers License/State ID)
- What can I do to secure my sensitive data?
- If you own and maintain data that is classified as "Sensitive" or "Restricted" by the University, this includes any data related to student grades, discipline records, and anything that contains the PUID number of a student, you need to encrypt that data. The College of Education IT team recommends a program called "TrueCrypt" to do this. If you are interested in using this program to secure your documents on the network server and yoru removable storage, please email the Education IT team at edit@purdue.edu.
- Where can I go for more information?
- ITaP has many resources available for you to learn about data security and privacy. You can refer to one of these resources, or contact the College of Education Database Administrator at EdIT@purdue.edu.