January 25, 2013 | Stephanie Reitz - UConn Communications

UConn Offers Range of Resources to Promote Data Privacy and Security

From everyday business practices to planning for an emergency, UConn is helping members of the university community protect the security of electronic data.

Data security

Data security

Whether it’s on desktop computers, cell phones, or tablet devices, University of Connecticut students and employees consume and share countless bits of electronic data every day.

Data Privacy Day badge

UConn’s commitment to protect the security and privacy of that data – and to arm users with the knowledge to do the same – is at the core of several initiatives currently taking place.

Although they are under way throughout the year, the initiatives are being highlighted as UConn participates in international Data Privacy Month, which culminates in Data Privacy Day on Monday, Jan. 28. The University has also been named a Data Privacy Champion by the National Cyber Security Alliance for its efforts.

Data privacy website

One major initiative has been the launch of a special data privacy website at UConn at http://privacy.uconn.edu. It includes a regularly updated blog, details on UConn’s secureU initiative, and tips on everything from helpful apps to protecting against identity theft.

UConn’s Compliance Office and Information Security Office are teaming up to provide the University community with information to help protect themselves, their families, colleagues, and the University from privacy breaches, and make well-reasoned choices about what they share online, in email, and on smartphones.

At UConn, we take privacy and data security very seriously.

“Here at UConn, we take privacy and data security very seriously. Many systems are in place, and resources are available to protect sensitive information we collect and maintain as part of our business practices,” says Rachel Krinsky Rudnick, author of UConn’s data privacy blog and assistant director of compliance/privacy in the Office of Audit, Compliance & Ethics.

The efforts during Data Privacy Month have focused on different topics to provide readers with pointers and other resources. In addition to the privacy.uconn.edu site, information is also available on Facebook at @UConnHuskyHunt or @UConniso, and on Twitter at @UConnISO.

Planning for an emergency

Some of UConn’s other data privacy and security initiatives include updating plans on how to protect and recover data during natural disasters and other disruptive events.

“As we reflect on the impact of a natural disaster in other states on their institutions of higher education, we recognize the importance of a strong effort at UConn,” says Nancy Bull, UConn’s vice provost for information technology. “The impact of Hurricane Katrina on institutions of higher learning in New Orleans was an eye-opener for all of us.”

Some of those schools faced difficulty getting to some data because their servers or hardware were damaged or inaccessible, and because they either lacked backup sites or those sites were nearly as inaccessible during the emergency as the primary spots.

Victor Font Jr., business continuity and disaster recovery coordinator for University Information Technology Services (UITS), is heading up the UConn effort. He’s also chairing a steering committee to determine appropriate backup data plans, and to update UConn’s data recovery plans through a series of tests and exercises.

“It is during these exercises that we can pinpoint the weaknesses and omissions in a disaster plan. You do not want to find them during an actual disaster,” Font says.

Statewide collaboration

UConn’s data security and privacy efforts do not end at its own borders. Starting in the fall semester, UConn teamed up with Quinnipiac University to launch a group of information technology officials from colleges and universities throughout Connecticut that will share challenges, experiences, and solutions.

The Connecticut Higher Education Roundtable on Information Security (CHERIS) kicked off in the fall semester, and about two dozen Connecticut colleges, universities, and related entities are participating – the vast majority of Connecticut’s higher education community.

Jason Pufahl, chief information systems security officer.
Jason Pufahl, UConn’s chief information systems security officer.

“CHERIS was created to establish a forum for Connecticut Higher Education to collaborate in solving the information security challenges we collectively face,” says Jason Pufahl, UConn’s chief information systems security officer.

Information security in higher education has become critically important, as colleges and universities use their computers and networks for everything from confidential financial data to electronic correspondence, scheduling, and personnel management.

CHERIS organizers say the roundtable discussions benefit the colleges and universities – and, by extension, the campus communities and the state – by providing a forum in which information security professionals can share best practices for ensuring the protection of those complex systems.

UConn’s Information Security Office also recently held a “Husky Hunt,” an online scavenger hunt to increase students’ awareness of computer security basics and help them detect potential hazards.

Students logged on to the HuskyHunt website weekly with unique IDs, then performed a simple task related to computer security so they could receive a clue for the scavenger hunt. They also posted their answers on social media, spreading the word more widely as they won points toward awards ranging from t-shirts to free textbooks. Another HuskyHunt is planned to take place in fall 2013.

UConn also uses its secureU webpage (secureu.uconn.edu) to provide information and resources to faculty and staff, including links to the important Information Security Policy Manual and a variety of security tips, training opportunities, and contacts.