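The Hope International University (HIU) Information Security Policy is intended as a comprehensive set of guidelines and policies designed to safeguard all confidential and restricted data maintained by the university, and to assist HIU in complying with applicable laws and regulations on the protection of personal information and nonpublic personal information, as well as such information in records and in systems owned by the university.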
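The HIU Information Security Policy is implemented to comply with the California Consumer Privacy Act of 2018 (CCPA), the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99), and the financial customer information security provisions of the Gramm-Leach-Bliley Act (GLBA), 15 USC § 6801(b) and 6805(b)(2).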
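In accordance with these laws and regulations, HIU is required to take measures to safeguard personally identifiable information, including financial information, and to provide notice about security breaches of protected information at the university to affected individuals and appropriate state agencies.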
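HIU is committed to protecting the confidentiality of all sensitive data that it maintains, including information about individuals who work or study at the university. HIU has implemented policies to protect such information, and this document should be read in conjunction with those policies, which are cross-referenced at the end of this document.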
To comply with the Gramm-Leach-Bliley Act (GLBA), HIU documents and reports on our data protection policies and procedures. As part of GLBA, the Federal Trade Commission requires us to:
This program applies to all HIU employees, including faculty, staff, contract, and temporary workers, hired consultants, interns and student employees.
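The data covered by this program includes any information stored, accessed, or collected by and for the university. HIU Information Security is not intended to supersede any existing policy that contains more specific requirements for safeguarding certain types of data.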
Data: Data refers to information stored, accessed, or collected, by and for the university.
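Data custodian: A party responsible for maintaining the technological infrastructure that supports access to, safe custody, transport, and storage of the data, and which provides technical support for its use. The data custodian is also responsible for implementing the business rules established by the data owner.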
Data owner: A party responsible for the data content and development of associated business rules, including authorizing access to the data.
Personal information: As defined under the CCPA, personal information is information that identifies, relates to, or could reasonably be linked with you or your household.[1]
Nonpublic personal information: As defined by the GLBA 15 USC § 6809(4)(A), nonpublic personal information is personally identifiable financial information (i) provided by a consumer to a financial institution; (ii) resulting from any transaction with the consumer or any service performed for the consumer; or (iii) otherwise obtained by the financial institution.[2]
All data covered by this policy will be classified into one of three categories, based on the level of security required.
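Confidential: Any data where unauthorized access, use, alteration, or disclosure could present a significant level of risk to HIU, its faculty, staff, or students. Confidential data should be treated with the highest level of security to ensure the privacy of that data, as well as to prevent any unauthorized access, use, alteration, or disclosure. Confidential data includes data that is protected by federal or state laws and regulations.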
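Restricted: All other personal and institutional data where the loss of such data could harm an individual's right to privacy or negatively impact the finances, operations, or reputation of HIU. Any nonpublic data that is not explicitly designated as confidential should be treated as restricted data.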
The following University Information is classified as Restricted:
Restricted data includes data protected by FERPA, that is, student education records. This data also includes, but is not limited to, donor information, research data on human subjects, intellectual property (proprietary research, patents, etc.), university financial and investment records, employee salary information, or information related to legal or disciplinary matters:
Access to restricted data should be limited to individuals who are employed by, or enrolled at HIU, and who have a legitimate reason to access it, as provided under FERPA or other applicable law or university policy:
Public: Any information for which there is no restriction to its distribution.
All data at HIU is assigned to a data owner. Data owners are responsible for approval of all requests for access to such data.
IT staff, as data custodians, centrally hold all data stored on HIU's servers and administrative systems, and they are responsible for the security of such data.
Human Resources will notify IT staff of an employee's change in status or termination as soon as possible, before the employee leaves HIU. Changes in status may include terminations, leaves of absence, significant changes in position responsibilities, transfer to another department, or any other change that might affect an employee's access to HIU data.
IT staff oversees maintaining, updating, and implementing the Information Security. The university's Director of Information Technology has overall responsibility for Information Security.
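All HIU personnel who access university data are responsible for maintaining the privacy and integrity of all sensitive data as defined above, and must protect the data from unauthorized use, access, disclosure, or alteration. All personnel with access to university data are also required to access, store, and maintain records containing sensitive data in compliance with HIU Information Security.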
To protect college data classified as confidential, the following policies and procedures were developed that relate to access, storage, transportation, and destruction of records:
Access to restricted data should be limited to only those who have a legitimate business need for the data. Additional safeguards are as follows:
[1] http://oag.ca.gov/privacy/ccpa
[2] http://www.govinfo.gov/content/pkg/USCODE-2011-title15/html/USCODE-2011-title15-chap94-subchapI-sec6809.htm