A comprehensive approach to information management ensures that information is kept secure and is available when you need it.
A:Everyday at KU we create and use information in our research, teaching, classes and service to the State of Kansas. Stewardship of the University’s information assets is a shared responsibility across KU. Each of us plays a vital role. Information management will improve our handling and securing of private information, our management of university records, and will ensure the preservation of KU’s institutional memory for today’s decision-makers and tomorrow’s scholars.
A:An assessment of the information in question will help determine how private and/or secure it needs to be. The protection of certain kinds of information is regulated by law. You will also need to consider the business impact if the information is lost, stolen or becomes irretrievable.
A:Many universities have developed or are beginning to develop strategies for information management, including The University of Notre Dame, Stanford, University of Texas, Purdue, Indiana University, and MIT.
A:Generally, a record is information that either results from the conduct of an official activity, or that is employed in the course of planning and/or decision making prior to such activity. As an agency of the State of Kansas, KU creates and utilizes state government records. Consequently, the University is required to develop and to maintain a records management program that ensures the preservation of state government records.
A:Paper records and electronic records are basically the same but exist in different formats that require different methods of maintenance and preservation. Electronic records require that decisions are made during the entire life cycle of the record from its creation through disposition in order to ensure that the record is available for continued access and use.
The intended outcome for handling records (no matter what format) should always be the same: keep what you need for as long as you need it; once it is no longer needed, check the University records retention schedule.
The KU Records Retention and Disposition schedule outlines the recommended periods for retaining certain types of records and appropriate methods for disposing of them once the retention period has expired.
Depending on the format your records are in (paper, electronic, etc…), you may need to use different tools or methods to appropriately handle them to achieve the intended outcome stated above. (For example, paper records may require locked file cabinets; whereas electronic mail archives may need to be encrypted.)
A:As a rule of thumb, never dispose of anything that is involved in a pending or threatened litigation. Retain all records from a closed grant for at least 3 years from the close (or as directed by the Granting agency). Retain employment records for the period of employment plus 5 years. For additional guidance, refer to the KU Record Retention schedule.
A:First, check the KU Record Retention schedule for information on how long to retain certain types of records. This information will be periodically updated and expanded, so please check back to find out more on Record Retention at KU.
Disposal of Confidential Information:
Currently, there are two methods recommended to securely dispose of confidential, paper documents (or CD's, DVD's, etc.) including:
More on disposal of confidential electronic files can be found at the IT Security website (www.security.ku.edu).
More on effective shredding options can be found at the Privacy website.
A:Contact Archives by calling this 785-864-4334. A staff member will assist you.
A:Before you offer any record to a historical society, public library, or any other entity, you must contact your University Records Officer or Archivist. Permanent records must be kept either in your offices, in your University Archives, or in an authorized space designated for the storage of permanently valuable records.
A:If you suspect a breach of private information or systems, immediately contact the KU Customer Service Center at 864-8080 and tell them you suspect a breach. They will assist you appropriately. Then report the incident to your Chair or Unit Director.
A:Immediately contact the KU Public Safety unit at 864-5900. Additionally, contact the KU Customer Service Center at 864-8080 and tell them you suspect a breach. They will assist you appropriately. Then report the incident to your Chair or Unit Director.
A:The person who discovers the loss or breach should immediately report the incident as described above. Additionally, the Chair or Unit Director should be notified of the incident.
A:The Family Educational Rights and Privacy Act (FERPA) provides higher education students the right to have access to their education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education records. More information on the University’s FERPA-related policies is found at:
The Health Insurance Portability and Accountability Act (HIPAA) places significant privacy and security requirements on health care practitioners and researchers that handle individually identifiable health information.
More information and resources can be found at the KU Privacy Office website.
A:The Gramm-Leach-Bliley Act (GLB) regulates the disclosure of non-public personal information by financial institutions. Institutions of higher education are covered by the law's definition of "financial institutions" as they participate in financial activities, (e.g. offering Federal Perkins Loans).
A:The Payment Card Industry (PCI) Data Security Standard (DSS) places stringent requirements on the storage, processing and transmission of data elements found on payment cards. Data elements include: Primary Account Number (PAN), cardholder name, service code, expiration date, CVC2/CVV2/CID, and PIN/PIN block.
The standards were developed by a group of companies including American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International. The PCI standards include requirements for security management, policies, procedures, network architecture, software design and other protective measures.
A:It depends. If you are adhering to the most stringent privacy and security standards (HIPAA), then you may already be in compliance with the other laws. An assessment of the information in question will help determine how private and/or secure it needs to be. You will also need to consider the business impact if the information is lost, stolen, or becomes irretrievable. Please contact the Privacy Office or Office of General Counsel for more information on these laws and their interactions.
A:As the information management program develops, additional resources (tools, services, people, policies, etc.) will become available to you. For now, to ensure your question gets in the right hands, please contact the Office of the Vice Provost for Information Services, 864-4999, or vpinfo@ku.edu.
A:For information on spam and other email that may seem inappropriate, what KU is doing about it, how to move tagged messages out of your inbox, and how to report spam and other email abuses visit the IT Security Office website.
A:The Information Management training module is a program of systematic training in handling protected and private or sensitive information that has been created for the use of KU employees (faculty and staff).
The initial general awareness module (in two parts) is a non-technical tutorial that is required of all employees. It requires approximately 20-30 minutes, with notification of successful completion forwarded to the employee’s HR/EO personnel file.
A:The Information Management training module is important because it promotes the security and management of protected information at the KU campus.
A:The Information Management training module is a joint effort of KU’s Privacy Office, IT Security Office, and Provost Office in conjunction with campus-wide stakeholder representatives. It is a component of the larger Information Management program.
A:All KU faculty and staff will eventually be expected to complete the Information Management training module.
Initially, this training program will engage new employees of the Lawrence and Edwards campuses (those starting employment in January 2009). Pre-existing employees will begin participation in the mandatory training program starting in late spring 2009.
A:You will receive an email notifying you that it is your time to complete the Information Management training module. This email will carefully outline instructions for accessing and completing the program.
A:Each module requires 100% to be considered passing. You will be provided the correct answers for missed questions and then prompted to retake the quiz until 100% correct is achieved.
A:After three years, you will be prompted to complete the module once again, to ensure that you are up-to-date on the information.
A:The training is delivered using the Blackboard course management system.
A:You do not need an existing Blackboard account or Blackboard training in order to complete the Information Management training module. When you are invited to take the tutorial, you will be routed to Blackboard from a link. Blackboard will function as a window (like a web site) and you will already have been granted permission to access the site.
A:The training must be completed within 60 days of notification for new employees and 30 calendar days for pre-existing employees.
A:Specialized training for employees handling student records, medical information, and/or financial/payment card information has also been developed and will also be delivered using Blackboard. Employees to which this is applicable will be notified by email when it is necessary to take the tutorial.
Email Page
Print Page