Learning Analytics, SPEC Kit 360

Perry, Michael R.; Briney, Kristin A.; Goben, Abigail; Asher, Andrew; Jones, Kyle M. L.; Robertshaw, M. Brooke; Salo, Dorothea

107 SPEC Kit 360: Learning Analytics BOSTON COLLEGE Data Security Policy http://www.bc.edu/content/dam/files/offices/policies/pdf/policies/I/1-100-200.pdf INTRODUCTION The purpose of this policy is to outline essential roles and responsibilities within the University community for creating and maintaining an environment that safeguards data from threats to personal, professional and institutional interests and to establish a comprehensive data security program in compliance with applicable law. This policy is also designed to establish processes for ensuring the security and confidentiality of confidential information and to establish administrative, technical, and physical safeguards to protect against unauthorized access or use of this information. SCOPE This policy applies to all Boston College faculty and staff, whether full- or part-time, paid or unpaid, temporary or permanent, as well as to all other members of the University community. This policy applies to all information collected, stored or used by or on behalf of any operational unit, department and person within the community in connection with University operations. In the event that any particular information at Boston College is governed by more specific requirements under other University policies or procedures (such as the policy concerning Student Education Records), the more specific requirements shall take precedence over this policy to the extent there is any conflict. DEFINITIONS Information Resource. An Information Resource is a discrete body of information created, collected and stored in connection with the operation and management of the University and used by members of the University having authorized access as a primary source. Information Resources include electronic databases as well as physical files. Information derived from an Information Resource by authorized users is not an Information Resource, although such information shall be subject to this policy. Sponsors. Sponsors are those members of the University community that have primary responsibility for maintaining any particular Information Resource. Sponsors may be designated by a Vice President or Dean in connection with their administrative responsibilities (as in the case of the University Registrar with respect to student academic records), or by the actual sponsorship, collection, development, or storage of information (as in the case of individual faculty members with respect to their own research data, or student grades). Data Security Officers. Data Security Officers are those members of the University community, designated by their University Vice President or Dean, who provide administrative support for the implementation, oversight and coordination of security procedures and systems with respect to specific Information Resources in consultation with the relevant Sponsors. Users. Users include virtually all members of the Boston College community to the extent they have authorized access to University Information Resources, and may include students, faculty, staff, contractors, consultants and temporary employees and volunteers. Data Security Committee. The Data Security Committee shall be chaired by the Executive Vice President and shall include the following Vice Presidents or their representatives: the Provost, the Financial Vice President and Treasurer, the Vice President for Information Technology, the Vice President for Human Resources, and the General Counsel. Title: Data Security Policy Code: 1-100-200 Date: 12-31-10rev Approved: WPL

Previous Page Next Page

SPEC Kit 360: Learning Analytics (September 2018) resources

Free Attachments

Follow Link Learning-Analytics-SPEC-Kit-360.pdf

Extracted Text (may have errors)

107 SPEC Kit 360: Learning Analytics BOSTON COLLEGE Data Security Policy http://www.bc.edu/content/dam/files/offices/policies/pdf/policies/I/1-100-200.pdf INTRODUCTION The purpose of this policy is to outline essential roles and responsibilities within the University community for creating and maintaining an environment that safeguards data from threats to personal, professional and institutional interests and to establish a comprehensive data security program in compliance with applicable law. This policy is also designed to establish processes for ensuring the security and confidentiality of confidential information and to establish administrative, technical, and physical safeguards to protect against unauthorized access or use of this information. SCOPE This policy applies to all Boston College faculty and staff, whether full- or part-time, paid or unpaid, temporary or permanent, as well as to all other members of the University community. This policy applies to all information collected, stored or used by or on behalf of any operational unit, department and person within the community in connection with University operations. In the event that any particular information at Boston College is governed by more specific requirements under other University policies or procedures (such as the policy concerning Student Education Records), the more specific requirements shall take precedence over this policy to the extent there is any conflict. DEFINITIONS Information Resource. An Information Resource is a discrete body of information created, collected and stored in connection with the operation and management of the University and used by members of the University having authorized access as a primary source. Information Resources include electronic databases as well as physical files. Information derived from an Information Resource by authorized users is not an Information Resource, although such information shall be subject to this policy. Sponsors. Sponsors are those members of the University community that have primary responsibility for maintaining any particular Information Resource. Sponsors may be designated by a Vice President or Dean in connection with their administrative responsibilities (as in the case of the University Registrar with respect to student academic records), or by the actual sponsorship, collection, development, or storage of information (as in the case of individual faculty members with respect to their own research data, or student grades). Data Security Officers. Data Security Officers are those members of the University community, designated by their University Vice President or Dean, who provide administrative support for the implementation, oversight and coordination of security procedures and systems with respect to specific Information Resources in consultation with the relevant Sponsors. Users. Users include virtually all members of the Boston College community to the extent they have authorized access to University Information Resources, and may include students, faculty, staff, contractors, consultants and temporary employees and volunteers. Data Security Committee. The Data Security Committee shall be chaired by the Executive Vice President and shall include the following Vice Presidents or their representatives: the Provost, the Financial Vice President and Treasurer, the Vice President for Information Technology, the Vice President for Human Resources, and the General Counsel. Title: Data Security Policy Code: 1-100-200 Date: 12-31-10rev Approved: WPL

Help

106 Data Security Policies Data Security Policies

Previous Page Next Page

SPEC Kit 360: Learning Analytics (September 2018) resources

108 Data Security Policies BOSTON COLLEGE Data Security Policy http://www.bc.edu/content/dam/files/offices/policies/pdf/policies/I/1-100-200.pdf Computer System Security Requirements. Computer System Security Requirements shall mean a written set of technical standards and related procedures and protocols designed to protect against risks to the security and integrity of data that is processed, stored, transmitted, or disposed of through the use of University information systems, and shall include computer system security requirements that meet or exceed the requirements of regulations promulgated under Chapter 93H of Massachusetts General Laws. The Computer System Security Requirements shall be set forth as an exhibit hereto. The Computer System Security Requirements establish minimum standards and may not reflect all the technical standards and protocols in effect at the University at any given time. Data Security Directives. Data Security Directives shall be issued from time to time by the Data Security Committee to provide clarification of this policy, or to supplement this policy through more detailed procedures or specifications, or through action plans or timetables to aid in the implementation of specific security measures. All Data Security Directives issued by the Committee shall be deemed incorporated herein. Specific Security Procedures. Specific Security Procedures are procedures promulgated by a University Vice President or Dean to address particular security needs of specific Information Resources sponsored within their area of responsibility, not otherwise addressed by this policy, or any Data Security Directives. Data Security Working Group. The Data Security Working Group shall be chaired by the Director of Computer Policy and Security, and shall consist of those Data Security Officers as may be assigned to the group from time to time by the Data Security Committee. Security Breach. A Security Breach is any event that causes or is likely to cause Confidential Information to be accessed or used by an unauthorized person and shall include any incident in which the University is required to make a notification under applicable law, including chapter 93H of the Massachusetts General Laws. DATA CLASSIFICATION 1. All information covered by this policy is to be classified among one of three categories, according to the level of security required. In descending order of sensitivity, these categories (or “security classifications”) are “Confidential,” “Internal Use Only,” and “Public.”  Confidential information includes sensitive personal and institutional information, and must be given the highest level of protection against unauthorized access, modification or destruction. Unauthorized access to personal Confidential information may result in a significant invasion of privacy, or may expose members of the University community to significant financial risk. Unauthorized access or modification to institutional Confidential information may result in direct, materially negative impacts on the finances, operations, or reputation of Boston College. Examples of personal Confidential information include information protected under privacy laws (including, without limitation, the Family Educational Rights and Privacy Act and the Gramm-Leach-Bliley Act), information concerning the pay and benefits of University employees, personal identification information or medical/health information pertaining to members of the University community, and data collected in the course of research on human subjects. Institutional Confidential information may include University financial and planning information, legally privileged information, invention disclosures and other information concerning pending patent applications. Without limiting the generality of the foregoing, Confidential information shall include “personal information” as defined by Massachusetts General Laws Chapter 93H (“Massachusetts PI”). Massachusetts PI means a Massachusetts resident’s first name or first initial and last name in combination with any one or more of the following: (a) social security number (b) driver’s license number or state –issued identification number (c) financial account number, or credit card or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to the resident’s financial account and Confidential information also includes “customer information,” defined by the safeguards rule under the Gramm-Leach-Bliley Act to mean any information containing personally identifiable information that the University obtains in the process of offering a financial product or service.

Previous Page Next Page

Page 1Survey Results click to expand contents

Page 42Representative Documents click to expand contents

Page 43Library Privacy Statements and Policies click to expand contents

Page 77Institution Privacy Policies click to expand contents

Page 106Data Security Policies click to expand contents

Page 145Selected Resources click to expand contents

SPEC Kit 360: Learning Analytics (September 2018) resources

All section downloads (PDF) click to expand contents

Free Attachments

Extracted Text (may have errors)

Help

loading

SPEC Kit 360: Learning Analytics (September 2018) resources

SPEC Kit 360: Learning Analytics (September 2018) resources