200 likes | 346 Vues
Protecting Privacy of Institutional Data. Being aware of and respecting student, faculty and staff requests for privacy of personal data in LAN/NOS environments. Agenda. Why me, why now? Types of privacy requests Data sources and privacy requests UMOD attributes describing privacy requests
E N D
Protecting Privacy of Institutional Data Being aware of and respecting student, faculty and staff requests for privacy of personal data in LAN/NOS environments
Agenda • Why me, why now? • Types of privacy requests • Data sources and privacy requests • UMOD attributes describing privacy requests • Honoring privacy requests in eDir • Honoring privacy requests in AD
Why me, why now? • Provisioning projects in eDirectory (Michigan Tree) and Active Directory (UMRoot ‘academic’ forest) provide institutional data to LAN/NOS environments • Included in that data is information about privacy requests of individuals • These requests must be honored in the LAN/NOS environments, whether the protected data is derived from institutional data or locally populated
Types of privacy requests • Do Not Publish • FERPA • UMOD Private
Do Not Publish • Faculty and staff • Applies to home address and phone number • Requested through Wolverine Access • See http://www.itd.umich.edu/itcsdocs/s4276/#infoout
FERPA • Family Educational Rights and Privacy Act of 1974 (also known as Buckley Amendment) • Protects privacy of student’s education records • Certain information designated “directory” information • Student may request that “directory” information be kept private and protected • Request made in the Office of the Registrar, renewed each term • See http://www.umich.edu/%7Eregoff/rights.html
U-M “directory” information • Name • Permanent/Local Address and Phone • UM School or College • Class Level • Major Field • Dates of Attendance • Degree(s) received • Dates awarded • Honors & Awards received • Participation in recognized activities • Previous school(s) attended • Height/Weight of members of intercollegiate athletic teams
UMOD Private • Applies only to information in UMOD (U-M Online Directory) • Hides most of the information in your directory entry from anyone other than yourself • See http://www.itd.umich.edu/itcsdocs/s4276/#infoout
FOIA • Freedom of Information Act • Contact U-M FOIA Officer, Lewis Morrissey (morrisse@umich.edu) • Requests must be acknowledge within 5 days by the U-M FOIA Office • See http://www.umich.edu/~urel/foia.html
AD and eDir populated by data from UMOD (U-M Online Directory) Contains student and employee (faculty and staff) data from Ann Arbor, Dearborn and Flint Contains alumni and retirees Data sources and privacy requests
Honoring privacy requests • Do not populate protected attributes for private users • Providing some resources may require attributes to be populated (email) • If attribute must be populated, user (student or employee) must first grant written permission for the protected data to be used for that purpose. Do not use that data for any other purpose. If written permission is not granted, then you cannot populate that attribute.
Honoring privacy requests in eDir • The only data on a user populated from UMOD is the uniqname • Uniqname is also used for the required surname attribute • While a local admin has eDir rights to populate user attributes, they must respect privacy requests
Additional Resources • The U-M Online Directory Via the Web: Finding and Changing Your Personal Entryhttp://www.itd.umich.edu/itcsdocs/s4276/#infoout • Office of the Registrar: Student Rights and Student Records http://www.umich.edu/%7Eregoff/rights.html • University of Michigan and Michigan's Freedom of Information Act http://www.umich.edu/~urel/foia.html • Handling Student, Employee, and Patient Information: Quick Reference Sheet • Introduction to M-Pathways SA and HRMS: Access and Compliance • SPG 601.11 – Privacy of Electronic Mail and Computer Files, etc. http://www.umich.edu/~spgonlin/pdf/601.11.pdf • SPG 601.12 – Institutional Data Resource Management Policy http://www.umich.edu/~spgonlin/pdf/601.12.pdf
Honoring privacy requests in eDir • How-to
Honoring privacy requests in AD • Users with any of the four privacy flags on are populated with only uniqname • When users are moved into Accounts OU, admin has the ability to modify attribute values and must protect privacy requests
Honoring privacy requests in AD • How-to