Data Handling Policy

Policy Statement

This policy states the guiding principles for information stewardship and a framework for classifying and handling confidential information and applies to all members of the Bryn Mawr College community.

The College and its individual community members are expected to responsibly manage, handle, and use institutional information or data for instruction, research, service, and administration. While such information or data may be accessed from, or stored on, a College-owned, personally owned, or third-party computer or device, this expectation of responsibility remains in force.

  • Institutional data consists of all information that is created, collected, licensed, maintained, recorded, used, or managed by the College, its employees, or any person or agent working on behalf of the College, regardless of the ownership or origin of the information.
  • An institutional (or College-owned) system is any server, computer, mobile device, network, or storage medium owned, leased, or licensed by the College to store and access institutional data.

This College policy is intended to ensure the integrity, availability, and protection of institutional data without impeding legitimate, authorized access to, and use of, institutional data and systems.

Members of the Bryn Mawr community working with or using institutional data or systems in any manner must comply with the Bryn Mawr College Acceptable Use Policy.

Data Classification

Because of the nature of the College’s mission and activities, every department and faculty member has some degree of access to confidential information during the normal course of work. Each person and office is expected to:

  • Understand the nature of confidential information in their care
  • Manage that data with safeguards proportional to the degree of confidentiality
  • Understand the consequences that might result from improper handling or unauthorized access

Level 1: Regulated and Other Sensitive Data

Description: Personally Identifiable Information (PII) and information protected by law, regulation, contract, binding agreement, or industry requirement. Information intended for very limited distribution on a need-to-know basis within the Bryn Mawr community.

Examples (each community member or department will have its own data list):

  • Social Security numbers, dates of birth, banking information, or any personal, financial or specific information that could be used to steal identity or financial resources
  • Student records governed by FERPA
  • Healthcare information governed by HIPAA
  • Credit card information governed by PCI standards
  • Research data covered by formal agreements or contracts with the College
  • Tenure and promotion files
  • Personnel files
  • Accounts payable records
  • Compensation data
  • Special review and audit reports
  • Contracted research
  • Library patron and circulation records

Consequences of Improper Handling or Unauthorized Access: May include legal sanctions, fines, and penalties for the College; violations of personal privacy; financial and/or reputational loss; potential lawsuits; for research data, loss of access to critical data sources or funding; violation of personal privacy

Level 2: Internal Data (Administrative and Community Data)

Description: Information limited to distribution to members of the Bryn Mawr community who need the data to support their work. Information intended for the Bryn Mawr community. Information at this level will not contain regulated information, but may be restricted to some or all members of the Bryn Mawr community.

Examples (each community member or department will have its own data list):

For documents which contain no level 1 data

  • Internal memos and email
  • Planning documents
  • Meeting minutes
  • Licensed library resources

Consequences of Improper Handling or Unauthorized Access: May include financial and reputational loss; loss of productivity; loss of access to resources; violation of agreements

Level 3: Public Data

Description: Information intended for the public. Information at this level will not contain regulated or confidential information.

Examples (each community member or department will have its own data list):

  • Press releases and publications
  • Information posted on open websites and social media

Consequences of Improper Handling or Unauthorized Access: Publicly posted information must not pose any significant harm to the College; checking materials for accuracy and civil discourse is important to avoid reputational loss

Best Practices

Employee Training

College employees, particularly those who use or access confidential information (Level 1), must have training which includes an overview of applicable laws; recommendations on how to avoid or address known risks, password security and encryption; appropriate methods of record storage and backup; proper methods of record disposal; and College policies and guidelines related to data security and stewardship.

Supervisors should direct employees to appropriate training resources, and may consult LITS.

Data Protection

Confidential College information must be maintained in the safest environment consistent with educational, research, service, or operational needs. Store confidential data in properly secured locations—see the Data Handling and Storage Guidelines. If you use a mobile device to access College data, the device must be properly secured with a passcode or biometric access control, and through encryption. Use print-release functionality when printing confidential documents to shared printers/copiers. Departments and individuals are responsible for ensuring data is backed up to protect against loss due to equipment or technical failures. Consult with LITS if you have questions about how to back up data. Access to the information and/or the information storage equipment or areas must be limited to those with an appropriate business reason for such access. Supervisors will ensure that authorizations for access to confidential information are up to date for their departments as employees are hired, change roles, or leave.

While this policy focuses mainly on handling of data in electronic formats, handling of data in print formats is equally important.

  • Staff must ensure the confidentiality and security of files, reports, and any other printed documents. Such documents must not be left unattended in public places or common areas.
  • Storage areas, file rooms, and file cabinets with confidential information must be locked at the end of the day or whenever the area will be unattended.
  • When printing confidential documents on shared printers, use secure print release. 
  • All printed documentation containing confidential information must be shredded when discarded or no longer needed.

Passwords

Access to electronic information must be protected by strong passwords. Passwords must never be shared with anyone. Refer to the College's Acceptable Use Policy.

Security Updates and Patches

The College is responsible for updating core systems, servers, and network infrastructure and will do so as per the System Maintenance Policy.

Employees and students are responsible for applying recommended software updates and patches on a timely basis and keeping up-to-date software installed on all College-owned and personal devices and computers that connect to the Bryn Mawr network. They must install updates or patches that software vendors deem critical for security as soon as reasonably possible after release.

Antivirus Protection

The College supports and maintains antivirus software for all College desktop devices. Employees must ensure they are using current antivirus protection software on any device they use for College business; contact LITS for College-recommended options.

Personal Devices

Use a properly secured device to gain remote access to confidential College data. Do not use devices shared with others for accessing confidential College information. Avoid downloading confidential information to personal devices and avoid transmitting such data over the internet (e.g., email forwarding).

Secure Deletion of Data

Information no longer necessary for educational, research, service, or operational needs and not necessary to retain by law or College policy must be securely deleted as a regular business process or once discovered.

Email Forwarding

For community members with email accounts, all official College electronic correspondence will come to you via your Bryn Mawr email address.  Each individual is responsible for promptly receiving official correspondence by accessing their Bryn Mawr email.

Faculty and Staff: Faculty and staff may not systematically forward email to external accounts. Any faculty or staff member who is also an alumna/us or who holds other status must remove any forwarding in the email system and any alumnae/i forwarding in Bionic for the time that they are employed. Forwarding email increases the risk of exposing sensitive data.

Shared (or departmental) email addresses being used for official College purposes may not be forwarded outside honforjapan.net.

Students: Students who prefer to use another account are responsible for forwarding email and configuring outside accounts to accommodate Bryn Mawr College email. Bryn Mawr cannot guarantee delivery or recovery of emails forwarded to outside accounts (see http://techdocs.blogs.honforjapan.net/1800). Students who forward their Bryn Mawr email to an external account are responsible for regularly checking their Bryn Mawr email via that personal account. Graduate and undergraduate students holding campus positions that involve access to privileged information may be required to remove email forwards.

Please note that popular personal email accounts such as Gmail, Outlook.com, etc. are not offered under the same terms of service as your institutional email account and do not promise confidentiality or compliance with any standard; use caution and read terms of service carefully.

Storage

See the Data Handling and Storage Guidelines.

Policy Violations

Members of the Bryn Mawr community who either intentionally or unintentionally violate this policy and/or the Acceptable Use Policy risk loss of access to some or all College information resources and may be subject to other penalties and disciplinary action, both within and outside of the College. The College may refer suspected violations of applicable law to appropriate law enforcement agencies.

Related Policies

Bryn Mawr College

Library and Information Technology Services

Canaday Library
101 North Merion Avenue
Bryn Mawr, PA 19010

Office of the Chief Information Officer:
610-526-5271