Information Services

Restricted Data

Background

Social Security Numbers, drivers' license information, usernames/passwords, banking access information and biometric data are increasingly at risk for identity theft, and universities have become attractive targets for data disclosures. Information Services (ITS) has partnered with the principal data stewards and security administrators of the Student Information and SAP systems, along with the UNO Security Advisory Committee, to identify data storage devices on the UNO campus where high risk personal information might be stored.

As part of the process to identify information that must be protected, a campus-wide data inventory project was recently completed to identify these data storage locations. Nebraska has a state law - L.B. 876 - that details how personal data breaches must be disclosed. UNO's Chancellor made this effort a high priority. The data inventory system is intended to be a self-reporting repository linked to the UNO NetID of the person completing the entries on the form. The system has been designed for an individual to self-report or a single person to fill out the inventory for an entire area. Because this is a self-reporting inventory, promoting campus participation is critical. Please continue to promote the data inventory program and data security with all of your faculty and staff.

Applicable Laws and Statutes

Provisions for the security of restricted data are covered by two main Nebraska University Executive Memorandums. Memorandum 16 deals with the expectation of privacy an individual has when utilizing University of Nebraska networks and computer resources. Memorandum 26 is the University of Nebraska Information Security Plan.

Definitions

  • Restricted Data – University data that is highly confidential and is covered by state or federal privacy law. Examples include Social Security Numbers, drivers' license numbers, state ID card numbers, bank account numbers, and biometric data.

  • Sensitive Data – University data routinely used in conducting business and that may be covered by state or federal privacy laws. It is protected to preserve the privacy, safety, or reputation of individuals and/or the University. Examples include student grades, birth dates and infrastructure maps.

  • Public Data – University data which are neither ‘restricted’ nor ‘sensitive’. Generally, information that can be made available to the public without risk of harm to the University or any entities with an affiliation to the University.

  • Protected Data – Data classified as ‘restricted’ or ‘sensitive’, or both.

UNO Security Policy

The UNO Restricted Data Security Policy was developed in response to Nebraska L.B. 876 to combat increasing instances of identity theft. The policy includes in-depth definitions, responsibilities, data storage, risk reduction and procedures.

Restricted Data Storage Requirements and Forms

UNO Restricted Data Storage Technical Requirements.

UNO Restricted Data Storage Authorization Form.

Restricted Data Utilities

PGP is a computer program that provides cryptographic privacy and authentication. PGP is often used for signing, encrypting and decrypting e-mails to increase the security of e-mail communications. For the purposes of Restricted Data Storage, PGP is used for full disk encryption of desktop and laptop computers for protection of files and folders stored on these machines. Faculty and Staff who store restricted data must have their computer(s) protected by PGP. We have a form to request purchase of the PGP software from ITS. A separate form must be completed for each computer that is to be protected.

Vontu is computer software that discovers, monitors and protects data wherever it is stored or used. The Vontu software in use at UNO performs two functions. The first is a continual scan of all network traffic entering and leaving the UNO computer network system to detect Social Security numbers and credit card numbers being transmitted. The second function it will perform is a scan of 'data at rest,' those files and folders that reside on University-owned desktop and laptop computers. A form is being developed that will be used to request 'data at rest' scans.

Frequently Asked Questions (FAQs) including why restricted data should be encrypted for transmission, and how to do that in Lotus Notes.

Click here for instructions on how to send an encrypted e-mail in Lotus Notes.

Content last modified: October 04, 2010, 1:31pm