releasing and publishing information: 1 st ask yourself 2 questions
DESCRIPTION
Releasing and Publishing Information: 1 st Ask Yourself 2 Questions. Am I authorized to disclose this information? What level of protection does this information require?. Federal Laws Ex: FERPA, GLBA, HIPAA State Laws Ex: TPIA University Policy and Procedure Statements (UPPS). - PowerPoint PPT PresentationTRANSCRIPT
Am I authorized to disclose this information?
What level of protection does this information require?
Releasing and Publishing Information: 1st Ask Yourself
2 Questions
UPPS 01.04.00 - Overview
• Federal Laws– Ex: FERPA, GLBA, HIPAA
• State Laws– Ex: TPIA
• University Policy and Procedure Statements (UPPS)
Question 1
• Am I authorized to disclose this information?– Use UPPS 01.04.00, Attachment
II Information Custodian Chart– Are you the custodian/owner of
the data?
System Owner
• State of Texas-DIR says: a System Owner is a person responsible for(A) For a business function; and (B) For determining controls and access to information resources supporting that business function.
• The owner of an information resource…is responsible for classifying business functional information.
• Typically this is a department or unit head
Question 2
• What level of protection does this information require?
Classes of Information – Best Practices
• may be freely disseminated to the public without potential harm to the University, individuals, or affiliates, e.g., job postings, service offerings, published research, directory information, degree programs.
Public information
• is restricted to those with a need to know; uncontrolled disclosure might prove harmful to the University, individuals, or affiliates, e.g., student records, salaries, performance appraisals, procedural documentation.
Sensitive information
• is excepted from disclosure requirements under the provisions of applicable state or federal law, e.g. the Texas Public Information Act. Unauthorized disclosure of this information could have a serious adverse impact on the University, individuals, or affiliates.
Restricted/ Confidential information
Scenarios – Ask the 2 Questions
• You work in the Graduate College and receive a request from a large technology company for a list of CS and CIS candidates for spring 2008 graduation with current GPA’s above 3.50. – Am I authorized to disclose this information?– What level of protection does this
information require? – How might my answer be different if:
• I worked in a different office?• they asked for graduates from fall 2007
& the GPA threshold was 3.40, 3.60, or 3.80?
Scenarios – Ask the 2 Questions
• You teach a Sociology class and want to put all of your students’ essays on your personal faculty webpage for review and comment by other students in the class.– Am I authorized to disclose this information?– What level of protection does this
information require? – What unstated considerations might affect
my answers to the questions above?
More Examples
• Professor's blog• E-mail addresses• Date of birth, ethnicity• Unique or proprietary chemical
formulas or computer code• Login/password credentials• Donor or other third party partner
information
Q & A