Hope International University (HIU) Information Security Policy is intended as a set of comprehensive guidelines and policies designed to safeguard all confidential and restricted data maintained at the university and to assist HIU in complying with applicable laws and regulations on the protection of personal information and nonpublic personal information found in the university's records and systems.
HIU Information Security Policy is implemented to comply with the California Consumer Privacy Act of 2018 (CCPA), the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99), and the financial customer information security provisions of the Gramm-Leach-Bliley Act (GLBA) 15 USC § 6801(b) and 6805(b)(2).
In accordance with these laws and regulations, HIU is required to take measures to safeguard personally identifiable information, including financial information, and to provide notice about security breaches of protected information at the university to affected individuals and appropriate state agencies.
HIU is committed to protecting the confidentiality of all sensitive data that it maintains, including information about individuals who work or study at the university. HIU has implemented policies to protect such information, and this policy should be read in conjunction with those policies, which are cross-referenced at the end of this document.
In compliance with the Gramm-Leach-Bliley Act (GLBA), HIU documents and reports its data protection policies and procedures. As part of GLBA, the Federal Trade Commission requires us to:
This program applies to all HIU employees, including faculty, staff, contract and temporary workers, hired consultants, interns, and employees.
The data covered by this program includes any information stored, accessed, or collected by the university. HIU Information Security is not intended to supersede any existing policy that contains more specific requirements for safeguarding certain types of data.
Data: Data means information stored, accessed, or collected by the university.
Data custodian: A party responsible for maintaining the technology infrastructure that supports access to and safe custody, transport, and storage of the data, and for providing technical support for its use. A data custodian is also responsible for implementation of the business rules established by the data owner.
Data owner: The party responsible for the data content and the development of associated business rules, including authorizing access to the data.
Personal information: As defined by the CCPA, personal information is information that identifies, relates to, or could be linked with you or your household.[1]
Nonpublic personal information: As defined by GLBA 15 USC § 6809(4)(A), nonpublic personal information is personally identifiable financial information (i) provided by a consumer to a financial institution; (ii) resulting from any transaction with the consumer or any service performed for the consumer; or (iii) otherwise obtained by the financial institution.[2]
All data covered by this policy will be classified into one of three categories, according to the level of security required.
Confidential: Any data where unauthorized access, use, alteration, or disclosure could present a significant risk to HIU, its faculty, staff, or students. Confidential data should be treated with the highest level of security to ensure the privacy of that data, and to prevent any unauthorized access, use, alteration, or disclosure. Confidential data includes data that is protected by federal or state laws and regulations.
Restricted: All other personal and institutional data where the loss of such data could harm an individual's right to privacy or negatively impact the finances, operations, or reputation of HIU. Any non-public data that is not explicitly designated as confidential should be treated as restricted data.
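The following university data is classified as restricted:
Restricted data includes data protected by FERPA, referred to as student education records. This data also includes, but is not limited to, donor information, research data on human subjects, intellectual property (proprietary research, patents, etc.), university financial and investment records, employee salary information, or information related to legal or disciplinary matters:
Access to restricted data should be limited to those employed by, or enrolled at, HIU, and who have legitimate reasons for access as governed by FERPA or other applicable law or university policy:
Public: Any information with no restrictions on distribution.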
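All data at HIU is assigned to a data owner. Data owners are responsible for approving all requests for access to such data.
Information Technology (IT) staff serve as the data custodians for all data stored centrally on HIU's servers and administrative systems, and they are responsible for the security of that data.
Human Resources will inform IT staff about an employee's change of status or termination as soon as is practicable but before an employee's departure date from HIU. Changes in status may include termination, leaves of absence, significant changes in job responsibilities, transfer to another department, or any other change that might affect an employee's access to HIU data.
IT staff oversee the maintenance, updating, and implementation of the Information Security. The university's Director of Information Technology has overall responsibility for the Information Security.
All HIU personnel with access to university data are responsible for maintaining the privacy and integrity of all sensitive data as defined above, and must protect the data from unauthorized use, access, disclosure, or alteration. All personnel with access to university data are also required to access, store, and maintain records containing sensitive data in compliance with the HIU Information Security.
To protect confidential university data, the following policies and procedures have been developed relating to the access, storage, transportation, and destruction of records:
Access to restricted data should be limited to those who have a legitimate business need for the data. Additional safeguards are as follows: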
[1] http://oag.ca.gov/privacy/ccpa
[2] http://www.govinfo.gov/content/pkg/USCODE-2011-title15/html/USCODE-2011-title15-chap94-subchapI-sec6809.htm