SDPI Key Areas
The Sensitive Data Protection Initiative consists of a set of policies, data cleanup efforts,
changes in business practices, and awareness messages all aimed at protecting or reducing
the amount of High Risk data (for a definition of what constitutes High Risk sensitive data, see 1031.A and 1031.B of UW System's Administrative Policies & Procedures).
These policies provide the foundation of SDPI. They describe what constitutes High Risk data, and the roles/responsibilities we all have in protecting it.
Revision of Business Practices
Reducing the use of SSNs and other sensitive data requires revising forms and
existing business practices used by the entire campus.
Cleanup of High Risk Sensitive Data
It is the responsibility of all employees to cleanse their university workstations and
laptops of High Risk data that they do not have permission to retain. We have purchased a
tool called Identity Finder to help.
Protection of High Risk Data
It isn't always possible to remove the need for High Risk data. In these cases, we
try to protect the data using technical or business tools. Network controls, laptop
encryption and digital email certificates are some examples of the options we employ here.
Periodically, the Information Security Office sends out messages aimed at educating
both students and employees about High Risk data and the protection it needs. Bringing
awareness of SDPI options available for protecting High Risk data is vital to reducing
the risk to UWSP students, faculty, staff and the institution as a whole. Please watch for messages from the Information Security Office in MODs, wallpapers,
and direct mailings via campus mail.