Your Responsibilities - An Introduction to OSU Information Security

Oregon State University takes the responsibility for information security seriously. The policies outlined in the manuals for Acceptable Use for University Information & University Computing Resources, and the Information Security Policies and Procedures Manual (InfoSec) are the documents governing information security for OSU. Key points from these policies and procedures manuals are referenced throughout the Business Intelligence Center website.

Information Security policies apply to all members of the OSU Community. There are circumstances which may require specific restrictions on information due to the terms of a grant, federal law or departmental policy. The policies and procedures apply regardless of the media on which the information resides. Specifically they apply to paper and traditional hard copy information, electronic, microfiche/microfilm, CD/DVD, internal and external computer data storage drives, or other types of media. The information form is not limited to text but includes graphics, video or audio or their presentation.

Protected Information and Sensitive Information includes, as noted in Appendix A: Data Classification by Data Element in the InfoSec manual, 000 Introduction, the following:

Protected Information includes

  • Social Security Number
  • Driver’s License/State-issued Identification Number
  • Visa/Passport Number
  • Credit Card Number
  • Bank Account Number
  • Health Insurance Policy Number
  • Income Tax Records
  • Personally Identifiable Health Information, including Personally Identifiable Genetic Information
  • Classified Research Data
  • Personal Finance Disclosure/Information
  • Identifiable Human Subjects Research Data designated as Level 3 by the Institutional Review Board (IRB)
  • Research Data with Export Control/ITAR limitations

Sensitive Information includes

  • Data defined as confidential by the Family Educational Rights & Privacy Act (FERPA)
  • Employment Applications
  • Employee Performance Evaluations
  • Confidential Donor Information
  • Identifiable Human Subjects Research Data designated as Level 2 by the Institutional Review Board (IRB)
  • Minutes from Confidential Meetings
  • Accusations of Misconduct and records from investigations
  • Common Identifiers: Date of Birth, Place of Birth, Mother’s Maiden Name
  • Demographic Information such as race, ethnicity, gender, sexual orientation or identity when personally identifiable
  • Admission Applications
  • Privileged Attorney-Client Communications
  • ID Photos

Responsibilities for Information Security

At OSU, all individuals with access to University information are responsible for care and security of this important resource. Lois Brooks, Vice Provost for Information Services states, “Data is a strategic asset of the University, but only to the extent that it is available, true and actionable. “ With the web-based systems offered by the Business Intelligence Center, keeping data security in the forefront is extremely important.

Related Topics