About this policy
Policy contact:
Date of last update:
July 24, 2024
Policy statement
The Luddy IT staff will endeavor to continually educate the Luddy community about the importance of data security and privacy and will publish materials to aid community members in identifying sensitive data types and use and outline best practices for handling data and securing devices.
In cases where access to critical and restricted data is required, supervisor verification of need and appropriate data owner or Data Steward approval must be acquired. Luddy IT staff will work to ensure the data is compliant with IU policy and confidentiality, integrity and accessibility is maintained.
Exceptions to policy
None
Procedures
- Data privacy and security info graphic card (PDF) is distributed to all current and new faculty and staff. This card is reviewed annually and revised as needed.
- Incident Response Policy text will be posted in Luddy-occupied buildings
- Critical Data is stored only on approved devices and transferred across the network only with strong encryption
- User’s personal files in local Documents and Desktop are synced with the user’s OneDrive storage. Critical data is stored in their department’s approved Microsoft Teams secure storage, created via the IU Institutional Storage request process.
- The Luddy IT group will work with the various offices within Luddy to assist in protecting sensitive date entrusted to those offices.
- The Luddy IT group will work with researchers who may also consult with the Secure My Research service to ensure security and compliance
- All Luddy laptops are set up with full disk encryption before being released to end users
- Backups of central file servers are sent to UITS backup services with encryption.
- Approval to access critical and restricted data will be documented per IT Policy: Problem Resolution and Service Desk including appropriate approvals.
References
- IU KB: How can I securely wipe disk drives?
- IU KB: At IU, how shoudl my department dispose of old computer equipment?
- IU IT Policy: IT-07 Privacy of electronic information and information technology resources
- Protect IU: Secure data removal
- Data management at IU
- Policies
- Types of data
- Critical data guide
- Tools for managing data
- Luddy IT Policy: Incident response
- IU KB: CAS + DUO - two step login