Page History

6.1 Make confidential data handlers aware of privacy and security requirements. Changes to regulations for data privacy and security must be communicated to the affected areas of the higher education community.

Info: NIST SP800-50: Building an Information Technology Security Awareness and Training Program, October 2003

Industry

6.2 Require acknowledgment by data users of their responsibility for safeguarding such data. Each person with access to confidential information should be presented with an acknowledgment to ensure understanding their role, whether its as a consumer/user of information, a creator of information, or a steward/manager of information.

Policy: Confidentiality Agreement or Statement
Policy: Template Non-Disclosure and Confidentiality Agreements (Texas State University, San Marcos)

Higher Education

6.3 Enhance general privacy and security awareness programs to specifically address safeguarding confidential data. A key component of any awareness program is instruction regarding the data sensitivity classifications for information as defined by your institution. In addition, the controls and safeguards for each confidential data classification should be described.

Info: Campus-wide Security Education and Awareness (Chapter 7 in the online book "Computer and Network Security in Higher Education")

Higher Education

Info: NIST SP800-50: Building an Information Technology Security Awareness and Training Program, October 2003

Industry

6.4 Clearly communicate how to safeguard data so that collaboration mechanisms, and their respective strengths and limitations in terms of access control, are clearly understood.