October 2023 marks 20 years of Cybersecurity Awareness Month.
On Tuesday, August 1, we will be enabling Duo Verified Push for all IU staff for services including IU Login. Duo Verified Push provides additional protection against attackers sending unsolicited Duo pushes to you trying to gain access to your IU account.
Any Microsoft Teams team must be created using IU's Institutional storage request form. To help with this process, a “New Team” button will be added to the left menu Starting July 12, linking directly to the form. This change helps safeguard new teams and their institutional data, while providing naming conventions and tools for storage owners and the IU community. IU will be working with Microsoft to remove the previous “Join or create a team” button during Fall 2023 to help reduce confusion.
Generative AI tools, such as ChatGPT, are being explored by the IU community for their many applications. The Privacy Office encourages you to take precautions when sharing personal information with these tools, as your content may be regenerated and shared with other users.
Chat Generative Pre-trained Transformer (ChatGPT) is an online model designed to mimic human interaction via text conversation. Learn about how it can and cannot be used at IU.
Indiana University hosts many events that may include the collection of personal information during the registration process. Personal information that is collected for an IU-hosted event is classified as restricted data and should not be shared with others without consent from the participants. Even if it doesn't fall under the university’s definition of institutional data, it is important that there are safeguards in place to protect the information from unauthorized access.
In the past, storage was simple. You saved a file on your hard drive, made a backup, and hoped that neither would fail and result in you losing your files. These days at IU, we have migrated our server-based storage to cloud storage providers. First it was Box, then it was Google and Microsoft, and now, it's predominantly Microsoft storage. My goal with this article is to give you some sure-fire tips for finding files saved within Microsoft cloud storage.
In recognition of International Data Privacy Day, the University Information Policy Office has three simple steps to help you protect IU’s institutional data and to create a safer computing environment for the entire university community.
Starting January 31, 2023, Indiana University will require the use of sensitivity labels in Power BI to guard your sensitive content against unauthorized data access and leakage.
The University Information Policy Office (UIPO) would like to remind current storage owners and those who might request new storage locations that you MUST use the Institutional Storage Request Form if storing or sharing restricted or critical data classifications on Google or Microsoft at IU storage platforms.
Google has announced placement of caps on storage use, at 30% of the current total data stored in the IU Google instance. As a result, the university must limit the total storage footprint used by all IU services in Google systems to avoid drastically increased costs.
Don’t forget that international Data Privacy Day is January 28. It is always a good time to reaffirm your acceptable use agreement and update your required compliance training for the year. We appreciate your continued efforts in making data protection and privacy a priority; you play a key role in ensuring the confidentiality, integrity, and accessibility of the data we collect at IU.
The 2022 Data Protection and Privacy Tutorial is now available in Canvas. We encourage all employees to take a look at the new content and complete the quiz to obtain a certification. We recommend this as a standard training for all new employees or for anyone looking for a refresher. It is a good introduction to privacy and highlights best practices for managing institutional data at IU.
The UIPO would like to announce that a new storage management tool that is now available within the IU Institutional Storage request form. Current storage owners or those who request new storage locations will have access to make modifications to their Microsoft Teams or Google Shared Drives.
In preparation for the Box retirement, we have new storage services available for institutional data in both the Microsoft and Google environments. To request a new storage location for upcoming projects, you may submit a request using the form at storage.iu.edu. We do recommend consulting with your IT Pro first to see if they have already setup new storage locations for your department.
Zoom at IU offers several features and options that can help you maintain the integrity of your Zoom meeting or webinar. For tips to help secure your Zoom meeting and for additional information about recording and securing HIPAA and FERPA protected information, see the KB article: Prevent Zoombombing using Zoom privacy and security features.
As part of the Box retirement migration, both Microsoft storage and Google enterprise storage will be available for Restricted data and certain types of Critical data. Future communications will provide the timeline for when these environments will be ready for this type of institutional data. Pre-approved solutions (similar to Box Health and Box Entrusted) are being evaluated. For details, see the KB article: About dedicated file storage services and IT services with storage components appropriate for sensitive institutional data, including research data containing protected health information.
Hangouts Chat (a Google GSuite application) has been approved by the UDMC as a replacement for Google Chat and may be used to share documents containing public and university-internal information. Hangouts Chat should not be used for sharing information classified as restricted or critical.
A new feature in Box Drive, “Mark for Offline” (MfO), has been approved by the UDMC as a replacement for current Box “Sync” functionality which is expected to be retired by the end of 2019.
Users working with protected health information (PHI) will be glad to know the University Data Management Council (UDMC) has approved the use of MS Office Online when working with documents stored in Box Health Data Accounts (BHDA). This approval comes after receiving a signed Business Associate Agreement (BAA) from Microsoft and the completion of a HIPAA alignment review. MS Office Online continues to be available for working with other types of documents stored in Box.
Recent discussions with the University Data Management Council (UDMC) and a group of Data Stewards has resulted in the Crimson Card Photo being classified as “Restricted” institutional data. Use of the photo is governed by the DM-01 Policy. The CrimsonCard Policy was also updated to add this restriction.
Recently, the University Data Management Council reaffirmed an interest in requiring a periodic re-assent to our acceptable use agreements, and sought approval for a CAS interrupt requiring users to re-assent on a two year basis. This was approved and implementation is expected in the first half of 2018.
UITS is collaborating with the Office of Procurement Services to conduct expedited reviews for new software and cloud services requests from units. This Software and Services Selection Process (SSSP), ensures that existing IU software and services are fully leveraged whenever possible, that threats to IU data are minimized, and that the unit understands all resulting costs and risk choices before the desired solution is purchased.
There has been an announcement of three new Data Stewards and two rotating members of University Data Management Council (UDMC).
IU Warehouse is no longer considered a secure site for storage of Institutional Information classified as Critical, Restricted or University Internal.
The CDS reaffirmed the requirement for system owners of new services and platforms to complete the Institutional Data Standards checklist for any services/platforms hosting critical data. Data Stewards may also require completion of this checklist for systems hosting restricted data. It is recommended that system owners conduct an optional self-assessment for services hosting only public and university-internal data.
This decision was based on recommendations from UIPO and UISO after discussion at the October 20th CDS meeting. They will therefore be managed as other information technology safeguards.
IU is no longer releasing student addresses or phone numbers to the public. A student's street address and phone number are no longer considered public information, or listed as part of the FERPA directory information at IU.
After lengthy discussions and development of a list of considerations which must be met, the Committee of Data Stewards has approved the use of data classified as Restricted in Google Apps for Education.
In the past, the University Information Policy Office (UIPO) has provided hard-copies of the “Protecting Red Hot Data” (“flippy book“) containing a practical guide to how to appropriately collect, store, transmit and dispose of critical data. UIPO has recently updated and reformatted the flippy book into a new pocket-sized reference guide.
As the demand for third-party assessments continues to grow it is necessary to update the process to strengthen risk analysis and realize efficiencies. The first step is a major modification to the review process and will be supported by a new version of the Data Inventory documentation instrument. A pilot is underway to evaluate expected process benefits. Although process improvements will continue for a while, the new review process should be implemented in Q2 of 2016.
Thirteen faculty and staff members at Illinois State University were the apparent victims of an information breach that allowed someone to divert their direct deposit payroll payments to another account, according to university officials.
Per the Herald Times, a cyber security expert at Indiana University expects a federal court to rule in favor of the FBI in its dispute with Apple Inc. over unlocking an iPhone, but he’s not so sure it should.
The Committee of Data Stewards approved the distribution of Office 2016 and One-Drive for University Internal and Public data at the February Committee meeting. They also recommended that UITS develop a training module to educate users on the appropriate uses for Office 365.
Attention Data Stewards and Data Managers: The EIG system will be undergoing an upgrade on February 18th.
The free flow of data across the Atlantic, the lifeblood of modern business dealings, faces an uncertain future, despite a belated, high-level deal between European and U.S. officials this week.
The University of California at Berkley installed the new hardware for cybersecurity purposes after a data breach last July. Officials say they have no intention of using it to monitor emails, and that policy forbids them to do so.
Data Privacy Day 2016 had a focus on staying safe online, with resources from several social media platforms.
From Chief Data Officer Sara Chambers, some definitions of privacy throughout history.
At the December Committee of Data Stewards meeting UITS staff presented a proposal for how Role-Based Access Controls would be configured and managed within the Decision Support Initiative. The CDS approved the proposed approach as part of their continuing commitment to development of role-based access.