Fighting identity theft

Identifying and securing confidential and nonpublic data at WSU ratcheted up this month under the direction of a universitywide data security taskforce.

The task force, comprised of “data custodians” representing Information Technology Services and the IT Security Office, ensures that WSU complies with recent legislation RCW 42.56.590, as well as other federal and state laws and WSU policies. Following are some items the task force has instituted:

Risk assessment
A key first step is conducting a risk assessment of the university’s confidential information assets to help departments identify and remediate areas that present high risks. Several departments and colleges are participating in a pilot assessment study in the form of a questionnaire that will:
• identify confidential data collected, managed and maintained by departments
• help determine the risk associated with that data
• help ensure the data and hosting devices are properly protected
The ITS Security group will meet with departments to review results and improve data security.

Confidential data
Access to Social Security numbers and other sensitive information managed through the data warehouse software programs and Admissions Data Mart have been restructured. WSU employees who access this data will be reauthorized based on job duties and responsibilities.

In the Student and Financial Data Warehouses, Social Security number access has been restricted to those few people who have been pre-approved for business reasons. Additional data regarding race/ethnic origin, disability and veteran’s status has also been restricted in the Financial Data Warehouse.

Social Security numbers are being removed from nearly one third of official university business paper forms found in the BPPM and SPPM. The remaining forms that request a Social Security number, bank number or driver’s license number are under review. Where possible, the request for this data will be removed from the forms. Instead, WSU ID numbers or other information will be used to meet business requirements.

Authorization, reauthorization
The security of Administrative Information Systems (AIS) has been improved by denying AIS account access to employees whose work with the university has been terminated — typically within 24 hours. Additional measures are being taken to remove account access for current employees that have not used their account for one year or more. These steps will reduce the number of active AIS accounts by 30 percent. Account access can be reinstated with proper approval.

An automated authorization process for new employees and reauthorization process for existing employees using ITS managed university data including AIS is being developed.

Third-party contracts
Language regarding data security and confidentiality has been drafted for use in third-party contracts. The language covers use and nondisclosure of confidential data and exceptions between WSU and vendors. Vendors are obligated to secure confidential data and take specific steps if there is any breach of security. The language will be available following administrative approval.

Next Story

Recent News

Colombian women’s rights pioneer got her start in Pullman

Paulina Gómez Vega’s experience at Washington State College in the early 1920s set her on a path that made her an education leader and an influential voice for women’s rights back home.

Provost finalists visiting the week of April 1

Finalists in the process of interviewing for the position of provost and executive vice president will present to the public during their visits to WSU next week.

McCoy named interim WSU athletic director

A widely recognized leader in intercollegiate athletics, McCoy will serve while a national search is conducted for the next athletic director.

WSU to review administrative structure

President Kirk Schulz used his annual State of the University Address to highlight both achievements and challenges while also announcing a planned review of WSU’s administrative structure and academic programs.