Approved by the President's Cabinet on April 27, 2021

Purpose:

The purpose of this policy is to provide guidance for the appropriate usage and security of confidential and sensitive information at East Georgia State College (EGSC) and is essential for compliance with federal and state law and the University System of Georgia (USG) requirements.

Background:

The EGSC Data Security and Privacy Policy was created to comply with the data security requirements defined in Section 12 of the USG Business Procedures Manual (BPM), the USG Information Technology Handbook, the Family Educational Rights and Privacy Act (FERPA), the Payment Card Industry Standards Council, and other applicable laws, regulations and compliance requirements.

Scope:

The EGSC Data Security and Privacy Policy applies to all individuals utilizing "organizational data," defined in USG BPM Section 12.1 as: data managed in information systems by, or on behalf of, USG organizations. Organizational data is data that records facts, statistics or information, which is read, created, collected, reported, updated or deleted by the organization's offices. Data may be stored electronically or physically. Organizational data may reside in organizational information systems or in third-party systems.

Users, hereinafter referred to as data users, include but are not limited to students, faculty, staff, external contractors and visitors. This includes faculty and staff while serving as researchers or principal investigators.

Exclusions or Exceptions: Due to the critical importance of protecting student and employee privacy and confidentiality, the only exceptions that will be granted to the Data Security and Privacy Policy concern legacy systems that are transitioning to encryption of data at rest.

USG BPM Definitions and Acronyms

    • Unrestricted/Public Information is information maintained by a USG organization that is not exempt from disclosure under the provisions of the Open Records Act or other applicable state or federal law. Some level of control is required to prevent unauthorized modification or destruction of public information. Examples include the EGSC website, EGSC promotional materials, etc.
    • Sensitive Information is information maintained by a USG organization that requires special precautions to protect it from unauthorized use, access and disclosure, and to prevent the information from being improperly modified, lost or destroyed. Sensitive information is not exempt from disclosure under the provisions of the Open Records Act or other applicable state or federal law, but is not necessarily intended for public consumption. Example: departmental continuity of operations plans.
    • Confidential Information is information maintained by a USG organization that is subject to authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. (44 USC Section 3542) Confidential information is exempt from disclosure under the provisions of the Open Records Act or other applicable state or federal law. Examples include non-public proprietary and confidential information and documents containing such information as Social Security number, driver's license number, state identification card number, personal identification numbers, education records and grades.
    • Research Data is recorded factual material commonly accepted in the scientific community as necessary to validate research findings. This includes (1) data sets used in research; unpublished proprietary information, preliminary analyses, drafts of scientific papers, plans for future research; (2) peer reviews or communications with colleagues; personal and medical information and similar information obtained from or about participants in a research study, the disclosure of which would violate their consent to participate in the study, or information that could be used to identify a particular person who is a research subject. Research data is exempt from public disclosure under the Georgia Open Records Act unless such data is publicly released, published, copyrighted or patented.

Policy

    1. All data users will adhere to all current IT policies and procedures required by EGSC and USG.
    2. Data users will only use confidential and/or sensitive information in support of the business that EGSC has authorized the data user to perform. Data users will not use, disclose, or publish confidential and/or sensitive information for any reason other than official EGSC business.
    3. Research data that incorporates personally identifiable or sensitive elements (such as Social Security numbers), or proprietary college information or trade secrets, or that includes controlled unclassified information or export controlled information, must be adequately secured and treated as restricted data.
    4. It is the responsibility of the Principal Investigator to properly identify the classification of their data and to provide appropriate protections, as well as any additional data security that may be specifically required under the terms of a sponsored project agreement (such as those in the Federal Information Security Management Act or the Food and Drug Administration's electronic records regulations).
    5. The data user understands that EGSC reserves the right to impose legal and/or disciplinary action against the data user in the event of unauthorized use or disclosure of confidential and/or sensitive information.
    6. Confidential and/or sensitive information must not be transferred by any method to persons who are not authorized to access that information. Users must ensure that adequate security measures are in place at each destination when confidential and/or sensitive information is transferred from one location to another.
    7. Confidential information must be encrypted while at rest and while in transit, consistent with Section 5.1.2 of the USG Information Technology Handbook and Georgia law.
    8. Confidential and/or sensitive information must be stored and accessed in appropriate college-provided systems and only copied locally if encryption or approved security precautions have been put in place to protect the information. Servers and other computers storing any college information shall have a data protection strategy in place and shall be regularly scanned for vulnerabilities and patched.
    9. Users are prohibited from storing confidential and/or sensitive information on cloud services not provided by the college.
    10. Users are required to store all institutional data in alignment with the USG BPM definitions and the storage rules above. Questions about data classification and storage should be directed to the EGSC Data Security Officer.

Violations

EGSC reserves the right, at its sole discretion and without prior notice to a data user, to temporarily or permanently rescind a data user's access to confidential and/or sensitive information if it determines a breach of any provision of this policy has occurred. Data users understand and agree that any unauthorized access or disclosure of confidential and/or sensitive information may subject the offender to disciplinary action by EGSC, up to and including administrative or student conduct review, termination or legal action.

The Vice President for Information Technology reserves the right to disable system accounts and user accounts if activity is inconsistent with applicable law and college policy.

Review

The Vice President for Information Technology or his designee will review the Data Security Policy annually.