 |
 |
The following message is meant to clarify the purpose of MSU's Institutional Data Policy and provide suggestions on how to get specific advice on adhering to our IDP. This message is not intended to change how you are currently manage sensitive data. The institutional data policy is a guideline and philosophy for how MSU should manage its data. The interpretation of the IDP is subject to many factors including how the sensitive data is being used and the other data elements that coexist n the same screen, report and data stores, To make good decisions on the use of sensitive data additional information is needed. For starters * Who is extracting the data * Where is the data being extracted from. * What is the purpose of doing so? * What application and/or report is the information contained in? * How will the information be transmitted (email, posted on web, encrypted, etc.) * Who will be receiving the information and what will it be used for? The treatment of ZPID and APIDs are inconsistent so it would be helpful to go through the effort of defining the context of this issue. Don Ries Director, Enterprise Information Stewardship