UAB has enacted new encryption guidelines to give faculty, staff and students recommendations on the requirements and technology solutions for various types of encryption of Restricted/PHI data.

The encryption guidelines are intended to help ensure that the confidentiality and integrity of UAB data and resources are protected in accordance with the UAB Data Protection Rule and other policies, standards, rules and security frameworks.

For example, the guidelines explain the solutions for encrypting Microsoft Office files, Windows desktops and laptops and Apple desktops and laptops.

Restricted/PHI data, as defined by the Data Classification Rule, includes HIPAA information, Social Security numbers, credit card numbers and other confidential information.

Storing confidential information — particularly information classified as restricted — endangers students, faculty and staff.

UAB IT needs the help of everyone on campus to reduce the amount of data, such as Social Security numbers or personal health information, that is stored on local computers or servers. 

If you have stored Restricted/PHI data, such as SSNs, on your computer, departmental server, UABFile drive or in cloud storage such as OneDrive or Box, you need to review your files and delete or redact any information that is no longer needed, especially as UAB IT begins a campaign to migrate data stored in UABFile to the cloud.

Remember this rule: If you don't need it, delete it. And if you do need it, protect it. Store restricted and sensitive information according to the Data Classification and Data Protection rules. 

The video above has more tips on reducing data, and you can click on our new data reduction page to learn more.

Keeping your UAB email address can help you keep in touch with the contacts you’ve built over your college career — and remind you that once a Blazer, always a Blazer.

Beginning in 2018, UAB IT will offer students and staff the opportunity to keep their email addresses once they leave the University. It’s easy to sign up for the Blazer for Life email — when it’s time for you to graduate or leave your job, you’ll just set up forwarding to a separate email address. Learn how here.

“I think it is a great idea to be able to carry the UAB name for life,” said Tamia Heard, a junior majoring in public relations. “As a proud Blazer, being able to keep my e-mail handle will allow me to continue showing people where I come from.”

For Ashley Kroeger, a senior biology major, keeping a UAB email address will allow her to keep her contacts.

“Students have many benefits that come with being a student enrolled in an academic institution,” Kroeger said. “As well, it allows you to keep in touch with advisors, peers and mentors from graduation and within the development of your life. I think it’s extremely beneficial.”

Students and staff will be able to keep their UAB email addresses, but the mailbox itself will be deleted. For students, the mailbox is deleted after one year. For staff, the mailbox is deleted after three months. Students and staff who would like to keep previous emails are encouraged to archive them on their own.

Eventually, Blazer for Life could give alumni access to other technology solutions.

“We’re trying to think holistically,” said Curtis A. Carver Jr., Ph.D., vice president and chief information officer. “We want to give students access to resources to reduce their worries as they are starting their careers. And Blazer for Life reminds you that once you are a Blazer, you’re always a Blazer.”
A new Data Access Policy and revised Acceptable Use of Computer and Network Resources Policy go into effect Dec. 1.

“These policies provide UAB students, faculty and staff with clear guidance for use of computing resources and with formalized protection of sensitive and restricted information,” said Brian Rivers, UAB’s chief information security officer.

The revised Acceptable Use policy applies to all users of UAB’s computing resources and is intended to prohibit certain unacceptable uses of computers, mobile devices and network resources and facilities, while educating users about their individual responsibilities.

The revised policy gives clearer guidance and expectations to UAB students, faculty and staff regarding their use of University computing resources.

The new Data Access Policy outlines the requirements for granting and revoking access to Sensitive and Restricted/PHI institutional data, as outlined in the Data Classification Rule.

Examples of sensitive data include FERPA data, budgetary plans and data protected by law. Examples of Restricted/PHI data include HIPAA protected health information, Social Security numbers and credit card numbers.

The Data Access Policy ensures that access to such information is authorized and based on the principles of least privilege and need to know, that its use is appropriate and that authorized access complies with UAB policies, standards and rules as well as relevant laws.

“Creating a secure computing environment is the No. 1 IT imperative at UAB,” said Vice President and CIO Curtis A. Caver Jr., Ph.D. “Over the past year, we have worked to revise and streamline technology policies to give the University community clearer expectations for their behavior and to better protect their information.”
Page 3 of 30