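Data Handling Policy

Policy Statement

This policy sets out guiding principles for information management and a framework for classifying and handling confidential information, and it applies to all members of the Bryn Mawr College community.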

The College and its individual community members are expected to responsibly manage, handle, and use institutional information or data for instruction, research, service, and administration. While such information or data may be accessed from, or stored on, a College-owned, personally owned, or third-party computer or device, this expectation of responsibility remains in force.

  • Institutional data consists of all information that is created, collected, licensed, maintained, recorded, used, or managed by the College, its employees, or any person or agent working on behalf of the College, regardless of the ownership or origin of the information.
  • An institutional (or College-owned) system is any server, computer, mobile device, network, or storage medium owned, leased, or licensed by the College to store and access institutional data.

This College policy is intended to ensure the integrity, availability, and protection of institutional data without impeding legitimate, authorized access to, and use of, institutional data and systems.

Members of the Bryn Mawr community who access or use institutional data or systems in any way must comply with the Bryn Mawr College Acceptable Use Policy.

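Data Classification

Because of the nature of the College's mission and activities, every department and faculty member has some degree of contact with confidential information in the normal course of work. Each person and office is expected to: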

  • Understand the nature of confidential information in their care
  • Manage that data with safeguards proportional to the degree of confidentiality
  • Understand the consequences that might result from improper handling or unauthorized access

Each data classification below is listed with its description, examples (each community member or department will have its own data list), and the consequences of improper handling or unauthorized access.

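Level 1: Regulated and Other Sensitive Data

Description: Personally Identifiable Information (PII) and information protected by law, regulation, contract, binding agreement, or industry requirement. Within the Bryn Mawr community, this information is distributed only on a limited, need-to-know basis.

Examples:

  • Social Security numbers, dates of birth, banking information, or any personal, financial, or specific information that could be used to steal identity or financial resources
  • Student records governed by FERPA
  • Healthcare information governed by HIPAA
  • Credit card information governed by PCI standards
  • Research data covered by formal agreements or contracts with the College
  • Tenure and promotion files
  • Personnel files
  • Accounts payable records
  • Compensation data
  • Special review and audit reports
  • Contracted research
  • Library patron and circulation records

Consequences of improper handling or unauthorized access: May include legal sanctions, fines, and penalties for the College; violations of personal privacy; financial and/or reputational loss; potential lawsuits; for research data, loss of access to critical data sources or funding; violation of personal privacy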

Level 2: Internal Data (Administrative and Community Data)

Description: Information restricted to distribution among members of the Bryn Mawr community who need the data to support their work. Information intended for the Bryn Mawr community. Information at this level will not contain regulated information, but may be restricted to some or all members of the Bryn Mawr community.

Examples (for documents which contain no Level 1 data):

  • Internal memos and email
  • Planning documents
  • Meeting minutes
  • Licensed library resources

Consequences of improper handling or unauthorized access: May include financial and reputational loss; loss of productivity; loss of access to resources; violation of agreements

Level 3: Public Data

Description: Information intended for the public. Information at this level will not contain regulated or confidential information.

Examples:

  • Press releases and publications
  • Information posted on open websites and social media

Consequences of improper handling or unauthorized access: Publicly posted information must not pose any significant harm to the College; checking materials for accuracy and civil discourse is important to avoid reputational loss

Best Practices

Employee Training

College employees, particularly those who use or access confidential information (Level 1), must have training which includes an overview of applicable laws; recommendations on how to avoid or address known risks, password security and encryption; appropriate methods of record storage and backup; proper methods of record disposal; and College policies and guidelines related to data security and stewardship.

Supervisors should direct employees to appropriate training resources, and may consult LITS.

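Data Protection

The College's confidential information must be kept in the most secure environment consistent with educational, research, service, or operational needs. Store confidential data in properly secured locations; see the Data Handling and Storage Guidelines. If you use a mobile device to access College data, the device must be properly secured with a passcode or biometric access control, and with encryption. Use the print release function when printing confidential documents to shared printers/copiers. Departments and individuals are responsible for ensuring that data is backed up to protect against loss due to equipment or technical failure. Consult with LITS if you have questions about how to back up data. Access to information and/or information storage devices or areas must be limited to those with an appropriate business reason. Supervisors will ensure that access to confidential information in their departments is kept current as employees join, change roles, or leave.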

While this policy focuses mainly on handling of data in electronic formats, handling of data in print formats is equally important.

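  • Staff must ensure the confidentiality and security of files, reports, and any other printed documents. Such documents must not be left unattended in public places or common areas.
  • Storage areas, file rooms, and file cabinets holding confidential information must be locked after hours or when unattended.
  • When printing confidential documents on shared printers, use secure print release.
  • All printed documents containing confidential information must be shredded when discarded or no longer needed.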

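Passwords

Access to electronic information must be protected by strong passwords. Passwords must never be shared with anyone. Refer to the College's Acceptable Use Policy.

Security Updates and Patches

The College is responsible for updating core systems, servers, and network infrastructure and will do so as per the System Maintenance Policy.

Employees and students are responsible for promptly applying recommended software updates and patches, and for keeping software current, on all College-owned and personal devices and computers that connect to the Bryn Mawr network. They must install updates or patches that the software vendor deems critical to security as soon as possible after release.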

Antivirus Protection

The College supports and maintains antivirus software for all College desktop devices. Employees must ensure they are using current antivirus protection software on any device they use for College business; contact LITS for College-recommended options.

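Personal Devices

Use a properly secured device to gain remote access to confidential College data. Do not use devices shared with others for accessing confidential College information. Avoid downloading confidential data to personal devices and avoid transmitting such data over the internet (e.g., by email forwarding).

Secure Deletion of Data

Information that is no longer necessary for educational, research, or service needs, and that law or College policy does not require to be retained, must be securely deleted as a routine business process or as soon as it is discovered.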

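Email Forwarding

For community members with email accounts, all official College electronic correspondence will be sent to you at your Bryn Mawr email address. Each person is responsible for receiving official correspondence in a timely manner by accessing their Bryn Mawr email.

Faculty and staff: Faculty and staff may not systematically forward email to external accounts. Any faculty or staff member who is also an alum or holds another affiliation must, for the duration of their employment, remove any forwarding in the email system as well as any alumnae/i forwarding in Bionic. Forwarding email increases the risk of exposing sensitive data.

Shared (or departmental) email addresses used for official College purposes must not be forwarded outside of brynmawr.edu.

Students: Students who prefer to use another account are responsible for forwarding their email and for configuring the external account to accommodate the forwarded email. Bryn Mawr cannot guarantee delivery or recovery of emails forwarded to outside accounts (see http://techdocs.blogs.lin-koln.com/1800). Students who forward their Bryn Mawr email to an external account are responsible for regularly checking their Bryn Mawr email through that personal account. Graduate and undergraduate students in campus positions that involve access to privileged information may be required to remove email forwarding.

Please note that popular personal email accounts such as Gmail, Outlook.com, etc. are not offered under the same terms of service as your institutional email account and do not promise confidentiality or compliance with any standard; use caution and read terms of service carefully.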

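Storage

See the Data Handling and Storage Guidelines.

Policy Violations

Members of the Bryn Mawr community who intentionally or unintentionally violate this policy and/or the Acceptable Use Policy risk losing access to some or all College information resources and may be subject to other penalties and disciplinary action, both within and outside of the College. The College may refer suspected violations of applicable law to appropriate law enforcement agencies.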
