125 SPEC Kit 360: Learning Analytics LOUISIANA STATE UNIVERSITY Security of Data https://sites01.lsu.edu/wp/policiesprocedures/files/2014/09/6.20-NEW.pdf collection, maintenance, and integrity of the data. Functional unit(s): shall include any campus, college, program, service, department, office, operating division, vendor, facility user, or other person, entity or defined unit of Louisiana State University that has been authorized to access or use computing resources or data. Least privilege: shall be defined as the principle that requires each person and/or functional unit be granted the most restrictive set of privileges needed for the performance of authorized tasks. “Protected information: shall be defined as data that has been designated as private or confidential by law or by the University. Protected information includes, but is not limited to, employment records, medical records, student records, education records, personal financial records (or other personally identifiable information), research data, trade secrets, and classified government information. Protected information shall not include public records that by law must be made available to the general public. To the extent there is any uncertainty as to whether any data constitutes protected information, the data in question shall be treated as protected information until a determination is made by the University or proper legal authority. User(s): shall be defined as any person or entity that utilizes computing resources, including, but not limited to, employees (faculty, staff, and student workers), students, agents, vendors, consultants, contractors, or sub-contractors of the University. GENERAL POLICY Louisiana State University functional units operating or utilizing computing resources are responsible for managing and maintaining the security of the data, computing resources and protected information. Functional units are responsible for implementing appropriate managerial, operations, physical, and technical controls for access to, use of, transmission of, and disposal of data in compliance with this policy. This requirement is especially important for those computing resources that support or host critical business functions or protected information. Protected information will not be disclosed except as provided by University policy and procedures, or as required by operation of law or court order. Any electronic data of the University shall be classified as public, private, or confidential according to the following categories: Public data - Public data is defined as data that any person or entity either internal or external to the University can access. The disclosure, use, or destruction of public data should have no adverse effects on the University nor carry any liability (examples of public data include readily available news and information posted on the University’s website).