Data Security and Stewardship Committee
Cordelia Camp 101a
Wednesday, May 27, 2009
Present / Pam Buchanan, Steve Christison, Lisa Gaetano, LarryHammer, GaryJones, DebbieJustice, Scott Koger, Mary Ann Lochner, BilStahl, Scott Swartzentruber, and Mike Stewart
Absent / Zeta Smith
Recorder / Jenny Owen
Approval of Minutes / ·  Bil Stahl made a motion to approve the minutes from the Data Security and Stewardship Committee (DSSC) meeting that was held on Thursday, April30,2009. There was no opposition, and the motion carried unanimously.
Role of the DSSC in the University’s Disaster Preparedness Planning / ·  Stahl reported that Chancellor Bardo has established a disaster preparedness and recovery team whose objectives will be to update and revise business continuity plans across the University and to develop an all-hazards plan for the University. Stahl explained that the newly appointed Disaster Preparedness and Recovery Team will be responsible for ongoing, programmatic oversight for the University’s disaster preparedness. Stahl said there will be times when DSSC will be asked to follow up on items from the Disaster Preparedness and Recovery Team.
Action Item / ·  Stahl will notify the DSSC when the University’s State IT Audit is released sometime in July. Stahl added that access control was a large part of this audit.
Oversight of Policy 106 – Identity Theft Prevention Program / ·  Mary Ann Lochner talked to DSSC members about their new role in helping to oversee the University’s new Policy 106 – Identity Theft Prevention Program. Lochner explained that this new policy came about because of a federal requirement for organizations to establish identity theft programs. Since the University has a role as a “creditor” under certain circumstances, this federal requirement applied to us. The CIO (as program administrator for this policy) will be delegating to DSSC members, Policy 106-related issues. Lochner suggested DSSC members review the policy or at least to read pages 1-8. She added that several other internal policies and procedures were appended to Policy106.
·  The WCU Board of Trustees will formally adopt and approve Policy 106 at their upcoming meeting on June 5.
·  The FTC gave the University until August 1 to fully implement the policy.
·  Lochner explained how she thought the DSSC might work to help the University become compliant with Policy 106 by the August 1 deadline:
o  Those DSSC members, who work in the “broad areas” that would be affected by Policy 106, would help those areas to develop activities, policies and/or procedures that would make them compliant. Then those DSSC members would bring any proposed activities, policies and/or procedures to the DSSC for review.
Action Item / ·  After a lengthy discussion, Lochner said she would create some standard forms for (1) vendor amendments to existing contracts, and (2) addenda to contracts that we are negotiating. These forms will be necessary in order to comply with both Gramm Leach Bliley and with Red Flag Rules. Lochner will send the draft forms to DSSC members for review.