Penn Computing

Tuesday, September 23, 2014

 
Privacy and Security Considerations in Cloud Computing and Other Data Outsourcing Arrangements

New technologies continue to provide unique opportunities to enhance teaching, learning and collaboration. Office productivity software, shared disk space, project management software, hosted email, survey tools, even high performance computing clusters are now available with little more than a web browser and an internet connection. These and countless other hosted services empower individuals to get more done, faster.

With these services come serious issues that must be understood and considered before placing Penn data in the hands of a third party. A closer look at these issues and solutions will go far in minimizing your risk of data loss, service outages, foreign government access, inadequate technical support, non-compliance and other concerns.

The following tools and guidance help you determine when it is permissible and advisable to share Penn data with others:

  • Know the Risks. In March of 2010, Penn issued guidance in Almanac entitled Cloud Computing: Opportunities Used Safely. Review this Guidance, as it describes when it is legal to share Penn data. For example, sharing student records or HIPAA-protected data without appropriate contract language is not permissible. The Guidance also describes risk areas such as your data being unavailable when you need it; confidential data being breached due to poor security practices; compliance with export control laws; and other important considerations.
  • Use Due Diligence in Selecting Vendors -- Privacy and Security. Conduct due diligence regarding the privacy and security safeguards of the third party. Consult the Data Classification and Review Framework, including the SPIA for Vendors tool referenced in that Framework, and "vet" the third party and the agreement appropriately based on the sensitivity of the data.

If you need additional guidance, contact the Privacy Office (privacy@upenn.edu) or the Office of Information Security (security@isc.upenn.edu).


Last updated: Thursday, August 9, 2012


Information Systems and Computing
University of Pennsylvania