Academics

Last Revised: September 1, 2011

Refer Questions to: Executive Director, Gallaudet Technology Services

Policy

A new (T1) & Information Security Agreement is effective as of September 1, 2011. Users who have access to information beyond their own self-service data in enterprise information system, system administrators, and uers with access to confidential and restricted information are required to sign the T1 Information Security Agreement every year. New users requesting privileged access should submit a request via the IT Service Desk. Gallaudet Technology Services (GTS) will send new T1 forms to existing users beginning in Fall 2011.

Definitions

The following table is a glossary of terms used in the Information Security Agreement (ISA). & It is important to note that Gallaudet’s Data Classification System defines two categories of data that are subject to elevated protection: Confidential Data and Restricted Data. Users with access to such data share responsibility with the Data Stewards (office that manages the data) and the Data Custodians (office that manages the technology systems that store the data) to protect such data, ensuring it is available only to those who are authorized and used only for authorized purposes.

TERM DEFINITION

Access

To view, use, or change information.

Authorized duties or activities

Duties or activities that are established by those with appropriate authority (e.g., division head, director, dean, chairperson, manager, or supervisor) related to the role or function of members of the workforce.

Authorized Software

Software that is authorized for use by the designated Data Stewards or Data Custodians.

CONFIDENTIAL Information

CONFIDENTIAL Information is information that is very sensitive in nature, and requires careful controls and protection. Unauthorized disclosure of this information could seriously and adversely impact Gallaudet University or the interests of students, other individuals and organizations associated with Gallaudet University. Examples include: personally identifiable information, protected health information, workforce records, student records, financial records, social security numbers, credit card numbers, legally protected University records, research data, and passwords.

Confidentiality

Expectation that information will be protected from unauthorized use or disclosure.

Disclose

Make known, reveal, release, transfer, or provide access to information in any manner.

Information Security Officer (ISO)

Gallaudet University has designated an Information Security Officer (ISO) who serves as the Privacy Official who assists in developing and implementing information security policies and procedures. The Privacy Official may identify or appoint designee(s) to assist in the performance of these functions.

Licensed software

Software that the Gallaudet University has been granted permission from the owner to use under a written license agreement or contract.

Minimum amount of information necessary

Minimum Necessary Standard: When using or disclosing RESTRICTED or CONFIDENTIAL information, Gallaudet University must make reasonable efforts to limit disclosures to the minimum necessary to accomplish the intended purpose of the use, disclosure or request. This standard does not apply to:

  • Uses and/or disclosures required by law or legal authorization
  • Uses and/or disclosures required for compliance with FERPA or HIPAA Privacy Regulations.

Personally identifiable information (PII)

Personally identifiable information (PII) is information that is a subset of individual and student information, including demographic, financial, or sensitive information collected from an individual and:
  • That identifies the individual; or
  • With respect to which there is a reasonable basis to believe the information can be used to identify the individual.

Privileged Access

Privileged access is access to information in Gallaudet systems and data bases that extends beyond one’s access to one’s own self-service data.

Protected health Information (PHI)

Protected health information is a subset of personally identifiable information maintained in permanent health records and/or other clinical documentation in either paper-based or electronic format.

Proprietary information

Gallaudet University possesses exclusive rights over the information within its systems.& This includes business plans, financial information or other sensitive materials and information in printed, electronic or signed/spoken form that may affect employee rights or organization’s operations.

RESTRICTED information

RESTRICTED Information is information that is business data, which is intended strictly for use by designated Gallaudet University employees and agents.& This classification applies to information less sensitive than CONFIDENTIAL information.& Dissemination of this information shall only be made to members of the Gallaudet University workforce or others with an established need-to-know.

Safeguard

Protect or cover from exposure, using precautionary measures.

System Administration Duties

System administration duties consist of all aspects of managing a technology-based information system, including but not limited to, user administration, front-office and back-office hardware and software configuration and management, data base administration, and network, domain, and other technology infrastructure management.

Workforce

Faculty, teachers, staff, students, temporary employees, contractors, interns and trainees, volunteers and other persons who perform work for Gallaudet University, and whose work conduct is under Gallaudet University direct control regardless of whether or not the workforce member is paid by Gallaudet University.


Previous Policy

Use of Gallaudet technology resources prior to September 2011 was governed by the agreement below.

This document applies to data bases for all units within Gallaudet University, including the Clerc Center. Every use of the term “Gallaudet University” herein is inclusive.

I understand that Gallaudet University administrative data bases, instructional support databases, and some research databases contain confidential information that may be protected by Federal law, such as the Family Educational Rights and Privacy Act, by local law, or by Gallaudet University policies.

I understand that the accounts assigned to me granting access to Gallaudet University databases are provided only for job related activities and that all other uses of such accounts are expressly prohibited by the University and may be illegal.

I understand that I may not print, copy, transfer, or expose to others information in Gallaudet University databases except in the performance of appropriate job related functions and that it is my responsibility to gain guidance from an appropriate supervisor when in doubt about sharing information.

I accept responsibility for protecting my account user name(s) and password(s) and assuring that they are not given to or used by any other persons. I understand further that any abuse of my access by another person will be considered the same as an abuse by me.

I understand that Gallaudet University will take action against anyone who accesses confidential databases, including, but not limited to, database/module data in PeopleSoft or Workday for purposes unrelated to their work or who misuses Gallaudet University data. Gallaudet University’s actions may include a letter of reprimand, reassignment, loss of data access privileges, termination of employment, or other actions in keeping with Gallaudet University Personnel policies. When access to, or use of, data may be in violation of law, Gallaudet University will refer the matter to law enforcement personnel.

Last Reviewed: 11/04/2019

Contact Us

Technology Services

Hall Memorial Building W-121

(202) 250-2507

(202) 651-5300

(202) 651-5023

Monday
9:00 am-5:00 pm
Tuesday
9:00 am-5:00 pm
Wednesday
9:00 am-5:00 pm
Thursday
9:00 am-5:00 pm
Friday
9:00 am-5:00 pm