Learning Management Collection Data Security
Learning Management Collection Access Prerequisites
Those who have a PennKey and
wish to gain access to the Learning Management collection
in the Data Warehouse may submit
a Learning Management eForm (available in the Data Warehouse section of the Penn eForms Web page). The eForm is automatically routed to those whose approval is required, and the user is notified via e-mail when access is granted. Those with access can view all of the Learning Management data in the Warehouse.
Releasing Data Outside the University or UPHS
Those who have access to the Learning Management
data in the Warehouse are not necessarily authorized to disclose that
data outside the University or UPHS. If you receive an external request
for Learning Management data, refer the requester to the Regulatory Compliance Officer.
Keep a Log
You might want to keep a log of the reports you create, even if you are
giving it to someone within the University or UPHS. The log might include:
- Who requested the data.
- When they made the request.
- What data they requested.
- Why they requested the data/how they planned to use it.
- What query and/or report you used.
Releasing Data Within the University or UPHS
Within the University or UPHS, Learning Management data may be disclosed
only if it
is needed to do the business of the University or UPHS, and only to those
who
need to know the information in order to do their jobs. If you are not
sure whether to fulfill a request for Learning Management data, ask
the Regulatory Compliance Officer.
Questions you should ask to help decide whether to fulfill a request
for
Learning Management data:
- Who wants the information?
- For what purpose will the information be used?
- If the requester will pass the information on to someone else, for what purpose
will that person use it? Note: Usually, the data should be for
the requester's use only. No data should be posted in a public place
including the World Wide Web.
- How will they secure the information once they have it?
- How will they dispose of the information when they are done with it?
For example, hard copy reports should be shredded.
Do not send unencrypted sensitive data via e-mail. Business Objects enables users to securely share Business Objects documents with each other. (Further information on how to Share a Copy of a Report is available in the InfoView and general (similar in both interfaces) section of the Web Intelligence (Webi) at Penn > How To page.) Data stored in other types of files (such as Excel or pdf) can be sent securely via Secure Share.
Desktop Security
Query Results. If you save your query results in Excel, pdf, or any other local file type, you must see to it that any sensitive data stored on
your
computer is safeguarded through physical security, access control
software, or encryption.
- Examples of physical security are locked offices and locked keyboards.
- Examples of access control software are a screen saver with password
protection (which your computer has been set up to initiate at startup)
or specialized desktop security software.
- If you encrypt your query results, you will need to decrypt them before
using them.
If you delete a file in the usual way (such as by dragging it to the Recycle Bin), it can be recovered easily using undelete functionality in the operating system or in forensic software. When sensitive data is no longer needed, it should be securely deleted.
Warehouse Access
When a computer is left signed to an account, it is easy for someone to
gain unauthorized access. Either sign off from your account before you
leave your computer or restrict access by some other means (physical security
or access control software).
For more information on security and privacy, see Protecting Penn's Data or contact the University's Office
of
Information Security. |
