Sensitive Data Protection Initiative (SDPI)
Through the Sensitive Data Protection Initiative and these policies,
we will increase awareness of this issue and reduce or eliminate our
use of sensitive data across the campus, thereby protecting the
privacy of the individuals who have entrusted us with their
personal, sensitive information and reducing their risk of having
their identity stolen.
-- Provost Mark Nook (April 2009)
The Sensitive Data Protection Initiative is a campus-wide initiative to protect highly
sensitive university data through a combination of projects, technology, and cooperation.
Previous work to secure sensitive data concentrated on servers, network security, and awareness.
While this is crucial for overall security, a similar effort was needed to focus on business
practices and how sensitive data was being used. SDPI is the name we have given to this effort.
The overall objective of SDPI is to protect or eliminate the use of High Risk sensitive data
across campus, thereby reducing the risk of unintended disclosures and subsequent damaging effects to individuals and the institution. The directive to accomplish this is not just
to meet our legal requirements. It is our obligation to protect an individual's data
(such as SSN) from current threats like identity theft or stolen bank account information.
Campus policies define High Risk data and outline employee
responsibilities for protecting it. Revisions to business
practices make it easier to protect sensitive data. For an overview of the policies and current projects under the SDPI
umbrella read our
Employees are being asked to scan their computers for High Risk data
using software called Identity Finder. For information on how to use
Identity Finder, click here.