GRACS

User Tools

Site Tools

Trace: meeting_notes reading_groups
ut_data_security_policy

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision 		Previous revision
ut_data_security_policy [2017/02/11 15:56]
jthywiss created 		ut_data_security_policy [2017/07/05 21:37] (current)
jthywiss [UT Data Security Policy] Expand description of Texas student records law
Line 12: Line 12:
  
 Note this last category:  If you’re a Teaching Assistant or Assistant Instructor, you’ll have student data, and //all// of it is //confidential//. Note this last category:  If you’re a Teaching Assistant or Assistant Instructor, you’ll have student data, and //all// of it is //confidential//.
 +
 +:!:**Note:** Student data must be handled very carefully. It is officially a //crime// (//i.e.// threat of fines, jail time, getting fired) in Texas to distribute, misuse, "permit inspection of", or disclose any records, files, documents, or other materials which contain information directly related to a student.  If you want details, see [[http://www.statutes.legis.state.tx.us/GetStatute.aspx?Code=GV&Value=552.114|Tex. Gov't Code § 552.114]], [[http://www.statutes.legis.state.tx.us/GetStatute.aspx?Code=GV&Value=552.352|Tex. Gov't Code § 552.352]], [[https://www.law.cornell.edu/uscode/text/20/1232g#a_4_A|20 U.S.C. § 1232g(a)(4)(A)]].
  
 There are university rules you have to follow if you have UT data. There are university rules you have to follow if you have UT data.
Line 70: Line 72:
  
 (All of this is enough of a pain that you may want to keep all student data on department-managed servers only, with tight access controls in place.) (All of this is enough of a pain that you may want to keep all student data on department-managed servers only, with tight access controls in place.)
 +
 +
 +===== Disk Encryption =====
 +
 +UT has approved these disk encryption products:
 +  * WinMagic SecureDoc
 +  * Microsoft Bitlocker
 +  * Apple FileVault 2
 +  * Linux Unified Key Setup (LUKS) Encryption
 +
 +
 +===== E-Mail Encryption =====
 +
 +UT offers e-mail certificates for use with S/MIME-capable e-mail clients. You can have certificates issued for any of your utexas.edu addresses, including UTCS department e-mail and the university’s UTmail.
 +
 +Instructions are here: https://wikis.utexas.edu/display/digitalcertificates/How+To+Request+a+Digital+Certificate
 +
 +
 +===== E-mail Services =====
 +
 +UT has approved these e-mail services for student data (FERPA):
 +  * [[https://office365.austin.utexas.edu|Office 365]]
 +  * [[https://utmail.utexas.edu|UTmail]]
 +  * UT-hosted Exchange Server
 +  * Presumably, the UTCS department mail service
 +
 +
 +===== Cloud Storage/File Sharing Services =====
 +
 +UT has approved these cloud storage services for student data (FERPA):
 +  - [[https://utexas.box.com|UTBox]] -- Strongly preferred.  Also approved for HIPAA and PCI data.
 +  - [[https://utmail.utexas.edu|Google Drive for Education]] -- Part of UTmail
 +  - Microsoft OneDrive -- Part of Office 365 (I think)
 +
 +Notably, DropBox and iCloud are **not** approved for controlled or confidential data.
 +
 +
 +===== Privacy Notice =====
 +
 +If you create a paper form or electronic form, put a Texas privacy notice on it.  This is something like:
 +
 +> Under Texas Government Code chapters 552 and 559, you are entitled to be informed about the information that UT Austin collects about you. You also have the right to request a copy of that information, and to have the university correct any of that information that is wrong. You may request to receive and review any of that information, or request corrections to it, by contacting the university's Public Information Officer, Office of Financial Affairs, P.O. Box 8179, Austin, Texas, 78713.
 +
ut_data_security_policy.1486850210.txt.gz · Last modified: 2017/02/11 15:56 by jthywiss

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki