Topics Map > Service Catalog > Communications and collaboration services > Cloud storage
Topics Map > Service Catalog > Communications and collaboration services > Collaborative workspace
Topics Map > Service Catalog > Accounts, passwords and security services > System Security
Topics Map > Service Catalog > DataCenter Services > Storage

Non-UW-Stout Applications and Services Guidelines

Applications and services that are not owned and operated by UW-Stout might not comply with UW-Stout and UW System policies, guidelines or requirements for privacy, intellectual property, security, and records retention.

UW-Stout - Non-UW-Stout Applications and Services Guidelines

Applies to anyone contracting or otherwise acquiring use of non-UW-Stout-owned or -operated applications and services for university business.

Applications and services that are not owned and operated by UW-Stout might not comply with UW-Stout and UW System policies, guidelines[DD1]  or requirements for privacy, intellectual property, security, and records retention. Faculty and staff using or considering the use of non UW-Stout applications and services should take these factors into account when selecting applications and services.

Please see 70506 for a list of cloud services that UW-Stout has already deployed for general use at UW-Stout.

Some examples of non-UW-Stout applications and services include:

Dropbox

Google Drive

OneDrive(associated with a personal account)

Amazon Web Service (AWS)

NOTE: Departments and individuals, particularly those hosting content outside the university's system, must ensure that the hosting option they choose meets requirements for security and privacy mandated by HIPPA, FERPA, and other legal or ethical requirements.

For more information on FERPA and HIPPA requirements see:
     http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html
     http://www.hhs.gov/ocr/privacy/

 

Guidelines

Applications and services that are not owned and operated by UW-Stout might not meet UW-Stout guidelines or requirements for privacy, intellectual property, security, and records retention. Faculty and staff using or considering the use of non UW-Stout applications and services should take these factors into account when selecting applications and services.

 Understand the risks to you and others

  • Providers may require the user to agree to a Terms of Service agreement. This is a legal contract. Only a few UW-Stout administrators are authorized to enter into legal contracts on behalf of the university. Users without that authority become personally responsible for the terms of the agreement and any problems that may arise.
  • Providers may change their Terms of Service without notice. Check periodically to see if it is still acceptable.
  • UW-Stout has already signed agreements with some providers. See UW-Stout Applications and Services Agreements for details.

 

Protect sensitive research data and other sensitive information

  • Comply with research grant and other contractual and legal requirements to protect sensitive information. There may be requirements that a non UW-Stout application or service cannot meet.
  • Restrict access to any sensitive information, so that only those with a “need to know” can access it.
  • Do not include any personally identifiable information if you can avoid it.
  • Remove data when it is no longer needed.

 

Protect student privacy

  • Comply with FERPA (Family Educational Rights and Privacy Act) requirements to protect student privacy.
  • Restrict access to student content whenever possible, so that only those who “need to know” have access.
  • Suggest students use aliases when creating accounts, particularly if student work is publicly available.
  • Do not place any personally identifiable information in content. Avoid referring to students by full name.
  • Limit students’ postings to course-related content. Delete student content when no longer needed.
  • Obtain student written consent for continued use of student materials beyond the current class.


 Communicate the use of non UW-Stout applications and services to students

  • Use of non UW-Stout applications and services should not create an undue burden for students who do not agree to the conditions of use. Instructors should weigh the needs of the course activity against the student’s privacy rights.
  • Instructors should communicate their intent to use non-UW-Stout applications and services, along with a summary of issues, conditions of use, and risks to students in the course syllabus. This allows a student to decide whether to withdraw from the course, or request alternate solutions. Consider that withdrawal may not be possible because the course is required, is offered in a sequence, is not offered regularly, or is only offered by one instructor.
  • Refer students who are concerned about their privacy to the Dean of Students office.

Understand who owns content and what they can do with it

  • Placing content on a non UW-Stout application or service may constitute “publication” of intellectual property, and may inhibit other publication of the work, or prevent a successful patent application.
  • Review the Terms of Service agreement:
    1. Who owns the intellectual property rights when content is created or uploaded to the application or service?
    2. Does the provider claim any rights to use the content created or uploaded to the application or service?
    3. If there is a right of use claim, when and how are these rights terminated?
  • Identify content as “© 20XX The University of Wisconsin System Board of Regents” when appropriate.

Consider accessibility, support, retrieval, retention, and backup

  • Ensure non UW-Stout applications or services meet campus web accessibility requirements.
  • Existing campus support might not resolve technical issues. Users might have to deal with the provider directly.
  • Ensure that records can be retrieved from the provider. UW-Stout records are subject to public records law.
  • Ensure that university records are retained according to records retention schedules.
  • Back up material regularly. Many providers assume no responsibility for backing up content.

 References

Public Records Law - http://legal.wisc.edu/public-records.htm
Acceptable Use Policy - https://www.wisconsin.edu/uw-policies/uw-system-administrative-policies/information-security-acceptable-use/
Web Accessibility Policy - https://www.uwstout.edu/parq/upload/webpolicy-update-final-2015.pdf
Data Classification Policy - https://www.wisconsin.edu/uw-policies/uw-system-administrative-policies/information-security-data-classification/
Protecting Your Student Data - http://www.uwstout.edu/regrec/records.cfm
University Records Schedules - http://www.library.wisc.edu/archives/records-management/retention-disposition/
HIPAA Security Officer and Coordinators - http://www.hipaa.wisc.edu/security-contacts.htm
UW-Stout Information Technology website - http://www.uwstout.edu/lit/
UW-Stout Applications and Services Agreements - https://kb.wisc.edu/itpolicy/cio-non-uw-services-agreements





Keywords:DropBox, Google Drive, AWS   Doc ID:70503
Owner:Mike D.Group:UW Stout
Created:2017-02-07 13:26 CSTUpdated:2017-02-10 08:24 CST
Sites:UW Stout
Feedback:  0   0