January 10, 2019
Executive Director, Gallaudet Technology Services
Many Gallaudet University departments handle sensitive information about students, faculty, and staff that the university must safeguard against the loss and theft of sensitive information. All individuals who have access to confidential or restricted data are required to sign a T1 Information Security Agreement (see Information Security Guidelines) and ensure the protection of data to which they have access.
All sensitive electronic information including all Gallaudet University constituent Social Security Numbers (SSNs), birth date, credit card, and other personal identification information must be stored on Gallaudet University data center servers, rather than on personal and departmental PCs, laptops, or other storage media including portable drives, USB thumb drives, and CDs/DVDs. IDfinder software is being deployed to help end-users to identify and remove sensitive information from their personal and departmental devices.
If sensitive information needs to be transmitted (moved to others or other locations), individuals are responsible for ensuring that the transport is via secured transport methods (e.g., secure FTP, secured USB drive, private tunnels or VPN (virtual private network). If sensitive data must be transmitted via USB thumb drive, the drive must be secured and offices are responsible for buying their own secured USB thumb drive from vendors such as IronKey or Kingston. Individuals are expressly prohibited from transmitting any sensitive data or personally-identifiable information via unsecured email.
In cases where Gallaudet University departments task external vendors or contractors to work with sensitive university data, then the data steward (e.g., Huamn Resources, Registrar) working with the external vendor or contractor must inform GTS of such projects upon initial discussion via submission of a IT Service Desk ticket. The specific data delegation and data transmission methods must be documented and approved by the GTS Executive Director and the budget unit head of the office that has data stewardship responsibilities. All such approval shall be documented within the IT Service Desk system and in the GTS Information System Inventory. All data shared with outside vendors must be stored and transmitted in an encrypted format.
If you witness a violation to this policy, you need to notify the appropriate university authorities.
Gallaudet University employees should report a violation to this policy in the following manner:
Gallaudet University students should report violations of this policy to both their Academic Advisor and the GTS Information Security Officer (ISO), with a copy to the GTS Executive Director.
Alumni, Visitors, or others
Gallaudet University visitors should report violations of this policy directly to the GTS Executive Director and the GTS Information Security Officer (ISO).
Last Reviewed: 11/04/2019