In an effort to better protect electronic personal information at the university, President Philip Austin today announced the beginning of a new computer and data security initiative at UConn.
In his letter to the community, Austin wrote that the university will “embark upon a comprehensive and deliberate effort to address computer security concerns” and that the initiative will focus on “identifying our vulnerabilities and ameliorating them, both with respect to previously acquired and stored data and data that will be acquired and stored in the future.”
In August a laptop computer was stolen from the West Hartford regional campus that contained the names and social security numbers of people who had applied to the campus. The university informed anyone whose personal information was on the computer and offered credit monitoring coverage for two years at the university’s expense.
“Security issues at the university have increased over the last several years due to significant growth in data creation and storage, off-campus computing and the use of personal electronic devices,” wrote Austin. “As a result, the university has become vulnerable to the ever-increasing risks of data loss and identity theft.”
UConn’s Chief Information Officer, David Gilbertson, and Jason Pufahl, director of information security at the university, will lead the effort over the coming months.
At a minimum, Austin wrote, the plan they develop will include:
1) Identifying all University employees who legitimately need access to sensitive personal information, in particular Social Security numbers, and eliminating use of, or access to, these numbers by all other University employees with a strict process for periodic reviews;
2) Educating and training all University personnel in safe practices for data storage and management;
3) Employing appropriate technological tools and procedures to protect sensitive data on all University websites, servers, computers, laptops, and other electronic devices used by UConn employees, and eliminating or protecting such data as warranted; and
4) Developing an on-going security plan for ensuring these appropriate and needed protections are in place moving forward.
Though Austin noted that the effort would involve expense and be time-consuming – including the amount of time faculty and staff may need to spend on things like updated training – “as an institution, we cannot shy away from this task.”