Penn Computing

Penn Computing

Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

  
  UPDATES
Current Load Status
Regular Availability
  
  INFORMATION
FAQs & Tips
Password Changer
Support services
Security
About the Data Warehouse
Data Administration
  
  DATA COLLECTIONS
Advancement
Assets
BRIM
Express Mail
Facilities
Faculty
GAR
General Ledger
Infrastructure
ISSS-iOffice
Learning Management
Position Inventory
Research-PennERA Proposals
Salary Management
Student
Travel Expense Management
Tuition Distribution
Cross-Collection

Learning Management Collection Data Security

Learning Management Collection Access Prerequisites
Those who have a PennKey and wish to gain access to the Learning Management collection in the Data Warehouse may submit a Learning Management eForm (available in the Data Warehouse section of the Penn eForms Web page). The eForm is automatically routed to those whose approval is required, and the user is notified via e-mail when access is granted. Those with access can view all of the Learning Management data in the Warehouse.

Releasing Data Outside the University or UPHS
Those who have access to the Learning Management data in the Warehouse are not necessarily authorized to disclose that data outside the University or UPHS. If you receive an external request for Learning Management data, refer the requester to the Regulatory Compliance Officer.

Keep a Log
You might want to keep a log of the reports you create, even if you are giving it to someone within the University or UPHS. The log might include:

  • Who requested the data.
  • When they made the request.
  • What data they requested.
  • Why they requested the data/how they planned to use it.
  • What query and/or report you used.

Releasing Data Within the University or UPHS
Within the University or UPHS, Learning Management data may be disclosed only if it is needed to do the business of the University or UPHS, and only to those who need to know the information in order to do their jobs. If you are not sure whether to fulfill a request for Learning Management data, ask the Regulatory Compliance Officer.

Questions you should ask to help decide whether to fulfill a request for Learning Management data:

  • Who wants the information?
  • For what purpose will the information be used?
  • If the requester will pass the information on to someone else, for what purpose will that person use it? Note: Usually, the data should be for the requester's use only. No data should be posted in a public place including the World Wide Web.
  • How will they secure the information once they have it?
  • How will they dispose of the information when they are done with it? For example, hard copy reports should be shredded.

Do not send unencrypted sensitive data via e-mail. Business Objects enables users to securely share Business Objects documents with each other. (Further information on how to Share a Copy of a Report is available in the InfoView and general (similar in both interfaces) section of the Web Intelligence (Webi) at Penn > How To page.) Data stored in other types of files (such as Excel or pdf) can be sent securely via Secure Share.

Desktop Security
Query Results. If you save your query results in Excel, pdf, or any other local file type, you must see to it that any sensitive data stored on your computer is safeguarded through physical security, access control software, or encryption.

  • Examples of physical security are locked offices and locked keyboards.
  • Examples of access control software are a screen saver with password protection (which your computer has been set up to initiate at startup) or specialized desktop security software.
  • If you encrypt your query results, you will need to decrypt them before using them.

If you delete a file in the usual way (such as by dragging it to the Recycle Bin), it can be recovered easily using undelete functionality in the operating system or in forensic software. When sensitive data is no longer needed, it should be securely deleted.

Warehouse Access
When a computer is left signed to an account, it is easy for someone to gain unauthorized access. Either sign off from your account before you leave your computer or restrict access by some other means (physical security or access control software).

For more information on security and privacy, see Protecting Penn's Data or contact the University's Office of Information Security.

  Collection Information:
top

Information Systems and Computing
University of Pennsylvania
Comments & Questions


Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania