Fighting identity theft

Identifying and securing confidential and nonpublic data at WSU ratcheted up this month under the direction of a universitywide data security taskforce.

The task force, comprised of “data custodians” representing Information Technology Services and the IT Security Office, ensures that WSU complies with recent legislation RCW 42.56.590, as well as other federal and state laws and WSU policies. Following are some items the task force has instituted:

Risk assessment
A key first step is conducting a risk assessment of the university’s confidential information assets to help departments identify and remediate areas that present high risks. Several departments and colleges are participating in a pilot assessment study in the form of a questionnaire that will:
• identify confidential data collected, managed and maintained by departments
• help determine the risk associated with that data
• help ensure the data and hosting devices are properly protected
The ITS Security group will meet with departments to review results and improve data security.

Confidential data
Access to Social Security numbers and other sensitive information managed through the data warehouse software programs and Admissions Data Mart have been restructured. WSU employees who access this data will be reauthorized based on job duties and responsibilities.

In the Student and Financial Data Warehouses, Social Security number access has been restricted to those few people who have been pre-approved for business reasons. Additional data regarding race/ethnic origin, disability and veteran’s status has also been restricted in the Financial Data Warehouse.

Social Security numbers are being removed from nearly one third of official university business paper forms found in the BPPM and SPPM. The remaining forms that request a Social Security number, bank number or driver’s license number are under review. Where possible, the request for this data will be removed from the forms. Instead, WSU ID numbers or other information will be used to meet business requirements.

Authorization, reauthorization
The security of Administrative Information Systems (AIS) has been improved by denying AIS account access to employees whose work with the university has been terminated — typically within 24 hours. Additional measures are being taken to remove account access for current employees that have not used their account for one year or more. These steps will reduce the number of active AIS accounts by 30 percent. Account access can be reinstated with proper approval.

An automated authorization process for new employees and reauthorization process for existing employees using ITS managed university data including AIS is being developed.

Third-party contracts
Language regarding data security and confidentiality has been drafted for use in third-party contracts. The language covers use and nondisclosure of confidential data and exceptions between WSU and vendors. Vendors are obligated to secure confidential data and take specific steps if there is any breach of security. The language will be available following administrative approval.

Next Story

WSU Common Reading accepting desk copy requests for 2024–25 book

Paperback copies of How the Other Half Eats: The Untold Story of Food and Inequality in America are available at no cost from the Common Reading Program for instructors and staff at four campuses.

Recent News

IBC professor takes on new leadership role

Mark Lange is stepping into a new role as WSU’s Institute of Biological Chemistry director after serving as interim director for 18 months.