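The Hope International University (HIU) Information Security Policy is intended as a comprehensive set of guidelines and policies designed to safeguard all confidential and restricted data maintained by the university, and to assist HIU in complying with applicable laws and regulations on the protection of personal information and nonpublic personal information, as well as in records and in systems owned by the university.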
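The HIU Information Security Policy is implemented to comply with the California Consumer Privacy Act of 2018 (CCPA), the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99), and the financial customer information security provisions of the Gramm-Leach-Bliley Act (GLBA), 15 USC § 6801(b) and 6805(b)(2).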
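In accordance with these laws and regulations, HIU is required to take measures to safeguard personally identifiable information, including financial information, and to provide notice of security breaches of protected information at the university to affected individuals and appropriate state agencies.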
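HIU is committed to protecting the confidentiality of all sensitive data that it maintains, including information about individuals who work or study at the university. HIU has implemented policies to protect such information, and this document should be read in conjunction with those policies, which are cross-referenced at the end of this document.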
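To comply with the Gramm-Leach-Bliley Act (GLBA), HIU documents and reports our data protection policies and procedures. As part of the GLBA, the Federal Trade Commission requires us to: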
This program applies to all HIU employees, including faculty, staff, contract and temporary workers, hired consultants, interns and student employees.
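The data covered by this program includes any information stored, accessed, or collected by and for the university. HIU Information Security is not intended to supersede any existing policy that contains more specific requirements for safeguarding certain types of data.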
Data: Data refers to information stored, accessed, or collected by and for the university.
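Data custodian: A party responsible for maintaining the technical infrastructure that supports access to and the safekeeping, transport, and storage of data, and which provides technical support for its use. The data custodian is also responsible for implementing the business rules established by the data owner.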
Data owner: A party responsible for the data content and development of associated business rules, including authorizing access to the data.
Personal information: As defined under the CCPA, personal information is information that identifies, relates to, or could reasonably be linked with you or your household.1
Nonpublic personal information: As defined by the GLBA 15 USC § 6809(4)(A), nonpublic personal information is personally identifiable financial information (i) provided by a consumer to a financial institution; (ii) resulting from any transaction with the consumer or any service performed for the consumer; or (iii) otherwise obtained by the financial institution.2
All data covered by this policy will be classified into one of three categories, based on the level of security required.
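Confidential: Any data where unauthorized access, use, alteration, or disclosure could present a significant level of risk to HIU, its faculty, staff, or students. Confidential data should be handled with the highest level of security to ensure the privacy of that data, as well as to prevent any unauthorized access, use, alteration, or disclosure. Confidential data includes data protected by federal or state laws and regulations.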
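Restricted: All other personal and institutional data the loss of which could harm an individual's right to privacy or negatively impact the finances, operations, or reputation of HIU. Any nonpublic data that is not explicitly designated as confidential should be treated as restricted data.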
The following University Information is classified as Restricted:
Restricted data includes data protected by FERPA, namely student education records. This data also includes, but is not limited to, donor information, research data on human subjects, intellectual property (proprietary research, patents, etc.), university financial and investment records, employee salary information, or information related to legal or disciplinary matters:
Access to restricted data should be limited to individuals who are employed by, or enrolled at, HIU and who have a legitimate reason to access it, as provided under FERPA or other applicable laws or university policies:
Public: Any information for which there is no restriction to its distribution.
All data at HIU is assigned to a data owner. Data owners are responsible for approval of all requests for access to such data.
Information technology staff, as data custodians, centrally hold all data stored on HIU's servers and administrative systems, and they are responsible for the security of such data.
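Human Resources will notify IT staff of an employee's change in status or termination as soon as possible, before the employee leaves HIU. Changes in status may include terminations, leaves of absence, significant changes in position responsibilities, transfer to another department, or any other change that might affect an employee's access to HIU data.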
IT staff oversee maintaining, updating, and implementing Information Security. The university's Director of Information Technology has overall responsibility for information security.
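All HIU personnel who access university data are responsible for maintaining the privacy and integrity of all sensitive data as described above, and must protect the data from unauthorized use, access, disclosure, or alteration. All personnel with access to university data are also required to access, store, and maintain records containing sensitive data in compliance with HIU Information Security.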
To protect college data classified as confidential, the following policies and procedures were developed that relate to access, storage, transport, and destruction of records:
Access to restricted data should be limited to those who have a legitimate business need for the data. Additional safeguards are as follows:
1 http://oag.ca.gov/privacy/ccpa
2 http://www.govinfo.gov/content/pkg/USCODE-2011-title15/html/USCODE-2011-title15-chap94-subchapI-sec6809.htm