IT Policy Planning Team (PPT) Meeting, Wednesday, Aug 4, 2010, 9:00-10:30 location 3139A CS.
- Agenda review.
- Revision schedule of policies and procedures.
See: IT Policy Review Schedule
- Schedule OK
- IEncrypt and IReport:
- Start with IERJIT team
- Start with POD team
- Need a procedure:
- Determine if a license is needed
- Get the license
- Need an index of apps that perform various functions
- List UW-Madison apps that can perform the function
- List non-UW-Madison apps with whom we have a contract or other trust relationship
- Need a careful process of review
- Begin planning in 4th quarter: involve legal services, others
- IT policy principles and procedures:
- Gary to mark up minor language changes
- Gary to identify some broader issues to discuss at PPT, examples:
- Change from "compliance" to "communications"
- "Review" (change needed?) is distinct from "Revision" (specific changes?), need a process for each.
- Gary to make minor procedure updates.
- What about change of policy so policy agrees with actual practice?
- Some (with approval from Univ. leadership) are issuing Guest NetID's anonymously
- Some are issuing Guest NetID's anonymously within a defined group (such as attendees at a conference)
- Raises the question, under what circumstances is it necessary to know who has a specific id?
- Need for improved awareness of the policy on Collection of Personal Identity Information via Email.
See: COPE initiative and http://www.cio.wisc.edu/policies/COPE_Policy.pdf
- Pull definition of restricted info off OCIS page and place in a separate document, link to that document from COPE
- Reminder message needs to come from someone high-level
- Send notice to TP's in advance
- Would be good to get notice out quickly, (for further dissemination prior to Fall term)
Additional future actions:
- Restricted info links in many places should link to the separate document described above
- Will eventually need a better (more complete) definition of PII, (perhaps as part of data categorization by IRM?)