Gallaudet University
Who We Are
Our Work
Overview
News & Stories
Oct 4, 2024
Upcoming Events
October 16, 2024
October 17, 2024
University Wide Events
No Communication Compromises
Areas of Study
Schools
Programs
Changing the world
Research
Community & Innovation
Research Experiences & Services
Our Global Presence
Global at Home
Global Learning For All
Global Engagement
Your Journey Starts Here
Admissions
Financial Aid
Explore Our Campus
Connect
Discover
Influence
Directories
Popular Keywords
Explore
Quick Links
GU
/
Technology Services
Technology Policy
Sensitive Information Handling
Hall Memorial Building W-121
(202) 250-2507
(202) 651-5300
Email Us
Last Revised: January 10, 2019
Refer Questions to: Executive Director, Gallaudet Technology Services
Many Gallaudet University departments handle sensitive information about students, faculty, and staff that the university must safeguard against the loss and theft of sensitive information. All individuals who have access to confidential or restricted data are required to sign a T1 Information Security Agreement (see Information Security Guidelines) and ensure the protection of data to which they have access.
All sensitive electronic information including all Gallaudet University constituent Social Security Numbers (SSNs), birth date, credit card, and other personal identification information must be stored on Gallaudet University data center servers, rather than on personal and departmental PCs, laptops, or other storage media including portable drives, USB thumb drives, and CDs/DVDs. IDfinder software is being deployed to help end-users to identify and remove sensitive information from their personal and departmental devices.
If sensitive information needs to be transmitted (moved to others or other locations), individuals are responsible for ensuring that the transport is via secured transport methods (e.g., secure FTP, secured USB drive, private tunnels or VPN (virtual private network). If sensitive data must be transmitted via USB thumb drive, the drive must be secured and offices are responsible for buying their own secured USB thumb drive from vendors such as IronKey or Kingston. Individuals are expressly prohibited from transmitting any sensitive data or personally-identifiable information via unsecured email.
In cases where Gallaudet University departments task external vendors or contractors to work with sensitive university data, then the data steward (e.g., Human Resources, Registrar) working with the external vendor or contractor must inform GTS of such projects upon initial discussion via submission of a IT Service Desk ticket. The specific data delegation and data transmission methods must be documented and approved by the GTS Executive Director and the budget unit head of the office that has data stewardship responsibilities. All such approval shall be documented within the IT Service Desk system and in the GTS Information System Inventory. All data shared with outside vendors must be stored and transmitted in an encrypted format.
If you witness a violation to this policy, you need to notify the appropriate university authorities.
Employees
Gallaudet University employees should report a violation to this policy in the following manner:
Students
Gallaudet University students should report violations of this policy to both their Academic Advisor and the GTS Information Security Officer (ISO), with a copy to the GTS Executive Director.
Alumni, Visitors, or others
Gallaudet University visitors should report violations of this policy directly to the GTS Executive Director and the GTS Information Security Officer (ISO).
Last Reviewed: 11/04/2019
(202) 651-5023