Memorial moves to further protect personal information
by Jeff Green
Memorial has taken steps to help protect confidential information at the university. The move comes in light of several recent data breaches from a number of institutions, including a possible one at Memorial.
As a result, the university has implemented several mandatory safeguards effective immediately.
The directive is being managed by the Department of Computing and Communications (C&C), in consultation with the President's Office and the university's Information Access and Privacy Protection Office (IAPP).
According to the new regulations, the use of file-sharing programs such as LimeWire and Bearshare, as well as chat programs such as MSN Messenger and ICQ are not permitted on any Memorial-owned computers.
Chat tools that are controlled by Memorial, such as the D2L software that DELT provides and ACEnet's inSORS videoconferencing are excluded.
As well, it is not permissible to copy personal and or confidential information to unencrypted portable storage devices like unencrypted flash drives, memory sticks or CDs.
Memorial is also implementing new contract language with external contractors and consultants requiring them to adhere to the university’s data security policies and these guidelines. The contract schedule, which should be added to all contracts, is located online.
Meanwhile, employees on Memorial’s campuses are not permitted to work with files containing personal or other confidential information on computers not owned by Memorial except where such use is via Remote Desktop Connection. The preferred means of accessing MUNet from any external computer, is via Remote Desktop Connection. Virtual Private Network (VPN) access will be limited and granted only on an exception basis.
Finally, Memorial will be developing a policy on data and information security. In addition, the university is planning to hold a series of information sessions to explain how to follow these safeguards. More information on these events will follow.
Graham Mowbray, director of Computing and Communications at Memorial, said the new regulations have been put in place to help to continue protecting personal and confidential information at Memorial.
“With the recent implementation of the Access to Information and Protection of Privacy Act, Memorial is now legally responsible to safeguard confidential and personal data,” said Mr. Mowbray.
“Memorial’s IAPP Office and C&C recognize that we need to balance strict security guidelines against the usability of our information resources so we are working together to minimize the disruption that these safeguards will cause and at the same time protect our students, faculty and staff from breaches of the ATIPP legislation.
“I also want to stress that these regulations apply only to those computers that are owned by Memorial; student equipment is exempt from them. However I would recommend that anyone, on campus or not, should understand the intent of these safeguards and implement as many of these as they can in order to ensure that they are practicing safe computing.”
Anyone with questions regarding the new safeguards can contact the C&C Help Centre at firstname.lastname@example.org or 737-4595.