Policies Overview


As a basis for the Sensitive Data Protection Initiative (SDPI), necessary policies and procedures were developed to get the entire campus involved. A representative group of high level administrators called the Data Stewards was convened to do the development work along with the Information Security Office (ISO) and Information Technology Policy and Planning Team.

  • Data Access and Protection Policy

    This policy establishes a standard definition of "High Risk Data" and the security precautions needed to protect that data. This provides the basis for complying with federal/state laws such as the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), the Family Educational Rights & Privacy Act (FERPA), and Wisconsin Notification Act 138, and applies to all university data.

  • Roles and Responsibilities Policy

    This policy details the authority and responsibility of the Data Stewards group. This policy also details the responsibilities of other university personnel when dealing with High Risk data under the control of a Data Steward.

  • Confidentiality Agreement

    This is an agreement between the employee and the institution that details specific responsibilities when handling university data. This gives employees an understanding of what is expected of them, and also provides feedback to the institution when an employee feels a business practice isn't allowing them to meet these responsibilities.

  • Request Storage of Sensitive Data

    This is a supporting procedure (and form) to the Roles and Responsibilities Policy. The request procedure is used to help the Data Stewards maintain an understanding where and how High Risk data under their control is being used. Employees needing access to High Risk data are required to submit this form to the assigned Data Steward for approval.

These policies also drove a number of other projects designed to revise existing business practices and reduce or eliminate High Risk data across the campus. You can read about them here.