Topics Map > Service Catalog > Communications and collaboration services > Cloud storage
Topics Map > Service Catalog > Communications and collaboration services > Collaborative workspace
Topics Map > Service Catalog > Accounts, passwords and security services > System Security
Topics Map > Service Catalog > DataCenter Services > Storage

Non-UW-Stout Applications and Services Guidelines

Applications and services that are not owned and operated by UW-Stout might not comply with UW-Stout and UW System policies, guidelines or requirements for privacy, intellectual property, security, and records retention. All applications and services must be reviewed and approved by LIT staff prior to use.

UW-Stout - Non-UW-Stout Applications and Services Guidelines

Applies to anyone contracting or otherwise acquiring use of non-UW-Stout-owned or -operated applications and services for university business.

Applications and services that are not owned and operated by UW-Stout might not comply with UW-Stout and UW System policies, guidelines, or requirements for privacy, intellectual property, security, and records retention. Faculty and staff using or considering the use of non-UW-Stout applications and services should take these factors into account when selecting applications and services.

Once an application or service has been selected, the application must be submitted to LIT for review. Please refer to Administrative Procedure #076, Software Procurement, for additional details.

Please refer to UW-Stout Cloud Data Storage and Processing for a list of cloud services that UW-Stout has already deployed for general use.

Some examples of non-UW-Stout applications and services include:

  • Dropbox
  • Google Drive
  • OneDrive(associated with a personal account)
  • Amazon Web Service (AWS)

Guidelines

All departments and individuals, particularly those hosting content outside the university's system, must ensure that all application and services they choose meets requirements for security and privacy mandated by UW-System Policy, FERPA, GLBA, Wisconsin State Statute, Payment Card Data Security Standards, and other legal or ethical requirements.

UW-System Policies can be found here: https://www.wisconsin.edu/uw-policies/uw-system-administrative-policies/ 

For more information on FERPA requirements can be found here: http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html

Applications and services that are not owned and operated by UW-Stout might not meet UW-Stout guidelines or requirements for privacy, intellectual property, security, and records retention. Faculty and staff using or considering the use of non UW-Stout applications and services should take these factors into account when selecting applications and services.

 Understand the risks to you and others

  • Providers may require the user to agree to a Terms of Service agreement. This is a legal contract. Only a few UW-Stout administrators are authorized to enter into legal contracts on behalf of the university. Users without that authority become personally responsible for the terms of the agreement and any problems that may arise.
  • Providers may change their Terms of Service without notice. Check periodically to see if it is still acceptable.
  • UW-Stout has already signed agreements with some providers. See UW-Stout Applications and Services Agreements for details.

Protect sensitive research data and other sensitive information

  • Comply with research grant and other contractual and legal requirements to protect sensitive information. There may be requirements that a non UW-Stout application or service cannot meet.
  • Restrict access to any sensitive information, so that only those with a “need to know” can access it.
  • Do not include any personally identifiable information if you can avoid it.
  • Remove data when it is no longer needed.

Protect student privacy

  • Comply with FERPA (Family Educational Rights and Privacy Act) requirements to protect student privacy.
  • Restrict access to student content whenever possible, so that only those who “need to know” have access.
  • Suggest students use aliases when creating accounts, particularly if student work is publicly available.
  • Do not place any personally identifiable information in content. Avoid referring to students by full name.
  • Limit students’ postings to course-related content. Delete student content when no longer needed.
  • Obtain student written consent for continued use of student materials beyond the current class.

 Communicate the use of non UW-Stout applications and services to students

    • Use of non UW-Stout applications and services should not create an undue burden for students who do not agree to the conditions of use. Instructors should weigh the needs of the course activity against the student’s privacy rights.
    • Instructors should communicate their intent to use non-UW-Stout applications and services, along with a summary of issues, conditions of use, and risks to students in the course syllabus. This allows a student to decide whether to withdraw from the course, or request alternate solutions. Consider that withdrawal may not be possible because the course is required, is offered in a sequence, is not offered regularly, or is only offered by one instructor.
    • Refer students who are concerned about their privacy to the Dean of Students office.

Understand who owns content and what they can do with it

    • Placing content on a non UW-Stout application or service may constitute “publication” of intellectual property, and may inhibit other publication of the work, or prevent a successful patent application.
    • Ensure the use of the application or service complies with UW-System Policy #1040, Privacy Policy.
    •  Review the Terms of Service agreement:
  1. Who owns the intellectual property rights when content is created or uploaded to the application or service?
  2. Does the provider claim any rights to use the content created or uploaded to the application or service?
  3. If there is a right of use claim, when and how are these rights terminated?
  • Identify content as “© 20XX The University of Wisconsin System Board of Regents” when appropriate.
  • Consider accessibility, support, retrieval, retention, and backup

      • Ensure non UW-Stout applications or services meet campus web accessibility requirements.
      • Existing campus support might not resolve technical issues. Users might have to deal with the provider directly.
      • Ensure that records can be retrieved from the provider. UW-Stout records are subject to public records law.
      • Ensure that university records are retained according to records retention schedules.
      • Back up material regularly. Many providers assume no responsibility for backing up content.

    Contact your LIT consultant for assistance.

    Please contact your LIT consultant for assistance with application and service selection. They are familiar with the applications and services used across campus as well as the process for submitting an application or service for review. They are here to help you!
    You can find your consultant a much more on the Learning and Information Technology Stout Cloud Site




    Keywords:
    DropBox, Google Drive, AWS 
    Doc ID:
    70503
    Owned by:
    Clara R. in UW Stout
    KnowledgeBase
    Created:
    2017-02-07
    Updated:
    2022-09-12
    Sites:
    UW Stout