The Daily Bulletin Archive

Modern technology has unleashed a torrent of information, and with it, an unprecedented need to safeguard personal records. A campus committee is working to refine and revise guidelines, in accordance with a SUNY-wide initiative, on how the Buffalo State community can better protect sensitive data.

Judith Basinski, associate vice president for computing and technology services (CTS), and Thomas Killian, networking and communications manager for CTS, are leading the charge to create a compact set of information-security guidelines by the end of the semester. Basinski said that besides the SUNY-wide initiative, increased use of portable media and reports of laptop theft have also spurred Buffalo State’s actions.

“Ted Phelps’s [SUNY’s security information officer] plan last fall was to get every SUNY campus to start developing a formal security information program by July,” she said. “Fortunately, our group got together early. Our deans are committed to this and understand the issues. Everyone in the group is very cooperative and willing to help.”

CTS already provides many layers of network and data security, including Oracle central data servers and up-to-date antivirus and antispyware programs. Nevertheless, it is ultimately up to employees to make sure sensitive data is not lost, stolen, or accessed. Basinski believes that sharing passwords, using mobile devices such as flash drives and laptops, and leaving reports unsecured pose some of the greatest information security risks.

“Information such as Social Security numbers and academic grades is protected by law,” she said. “It is important for all of us to understand how we use the information we receive, who we share it with, and how we store it.

“I’ll never forget the time a professor tried to e-mail a class roster of grades and accidentally carbon-copied the entire class,” she continued.

Once the guidelines are finalized and disseminated, Basinski says, the committee will work to update them every semester. In the meantime, she offers the following advice to the Buffalo State community:

• Make sure your desktop password is alpha-numeric, and change it frequently.
• Lock up your computer and your files when you are away.
• Keep sensitive information on the Buffalo State network instead of on your hard drive.
• Do not share your passwords with anyone.
• Always keep mobile devices in your possession.

Failure to protect personal and academic information may result in legal action against offending employees. Employees accused of failure to protect confidential information that results in harm to an individual may not be covered by Public Officer’s Law, and therefore not defended by New York State.

Examples of personal information that must be kept confidential include Social Security numbers, health information, and disability status. Examples of academic information that must be kept confidential include grades, class schedules, and student identification numbers. Faculty and staff members may not post test scores or grades using any portion of a student’s name, Social Security number, or student identification number. They must also refrain from providing students’ parents with information related to their child’s academic performance or other personal information unless given permission to do so by the student.

A notice about the new information security guidelines should appear both electronically and in print for faculty and staff by the end of the semester. But no matter what type of data comes their way, Basinski offers employees an overarching “golden rule”: “Think before you do anything with the information at hand.”