| Policy: | 2.1009 |
| Title: | Information and Data Protection |
| Effective: | 09/13/2007 |
| Senate Proposal: | No |
| Responsible University Officer: | Chief Information Officer |
| Responsible Office: | Office of Information Technology |
Michigan Technological University will provide safeguards to protect information and data in compliance with The Financial Services Modernization Act of 1999, also known as Gramm Leach Bliley (GLB) 15 U.S.C. §6801, and in compliance with other federal and state laws related to privacy and protection of consumer personal information.
Note: This statement is a summary and the provisions of GLBA are controlling not withstanding the policy summary.
To be compliant with the Gramm Leach Bliley (GLB) Act, the University must develop, implement, and maintain a comprehensive information security plan that is written in readily accessible part(s) including administrative, technical, and physical safeguards as determined appropriate for the institution and data (See Appendix A). The GLB mandates that the University:
This policy is pursuant to Gramm Leach Bliley (GLB) requirements, a federal law. The statute was enacted November 12, 1999 with the Regulations effective date November 13, 2000 and a compliance date of July 1, 2001.
The Gramm Leach Bliley Act Oversight Committee developed the Michigan Tech Information Security Plan with recommendations suggested by various departments and divisions.
The information and data safeguards recommended will provide:
| Office/Unit Name | Telephone Number |
|---|---|
| Office of Information Technology, Information Security Policy Coordinator | 906-487-1727 |
| Chief Information Officer | 906-487-2015 |
Protected data and information — All student information, credit card information received in the course of business by the University, personnel files, and financial records. This includes both paper and electronic records.
Information Security Policy Coordinator - Works closely with the University counsel’s office, the networking and security administrator in the Office of Information Technology, other positions in Information Technology, as well as all relevant academic and administrative departments throughout the University, to identify potential and actual internal and external risks to the security, confidentiality, and integrity of consumer information; evaluates the effectiveness of the current safeguards for controlling these risks; designs and implements a safeguards plan, and regularly monitors and tests the plan. Periodically reviews the University's disaster recovery plan and data-retention policies and prepares a report for the Executive Team.M/P>
Office of Information Technology — Assigns appropriate GLBA responsibilities to a staff member.
Directors/Chairs/Deans or Designee - Conducts an annual data security review with guidance from the information security policy coordinator.
Executive Team - Identifies employees in their respective areas that work with protected data and information.
In support of this policy, the following procedures are included:
In support of this policy, the following forms/instructions are included:
| Adoption Date: | 09/13/2007 | Policy approved by President |