New Data Access Policy, revised Acceptable Use Policy implemented

A new Data Access Policy and revised Acceptable Use of Computer and Network Resources Policy go into effect Dec. 1.

“These policies provide UAB students, faculty and staff with clear guidance for use of computing resources and with formalized protection of sensitive and restricted information,” said Brian Rivers, UAB’s chief information security officer.

The revised Acceptable Use policy applies to all users of UAB’s computing resources and is intended to prohibit certain unacceptable uses of computers, mobile devices and network resources and facilities, while educating users about their individual responsibilities.

The revised policy gives clearer guidance and expectations to UAB students, faculty and staff regarding their use of University computing resources.

The new Data Access Policy outlines the requirements for granting and revoking access to Sensitive and Restricted/PHI institutional data, as outlined in the Data Classification Rule.

Examples of sensitive data include FERPA data, budgetary plans and data protected by law. Examples of Restricted/PHI data include HIPAA protected health information, Social Security numbers and credit card numbers.

The Data Access Policy ensures that access to such information is authorized and based on the principles of least privilege and need to know, that its use is appropriate and that authorized access complies with UAB policies, standards and rules as well as relevant laws.

“Creating a secure computing environment is the No. 1 IT imperative at UAB,” said Vice President and CIO Curtis A. Caver Jr., Ph.D. “Over the past year, we have worked to revise and streamline technology policies to give the University community clearer expectations for their behavior and to better protect their information.”
Last modified on November 30, 2017