Technology changes on a daily basis. It allows students, faculty and staff to leverage innovations that help us all work faster, smarter and achieve more, but protecting information and assets is becoming increasing difficult in this hyper-connected world.
In an effort to protect the information of students, faculty, staff, alumni and friends, the University, working through the Information Security, Risk and Compliance Committee, is developing policies and process to help classify, find and secure information in compliance with state and federal regulations.
Protecting data at WPI will be addressed in five major phases. They include:
- Identifying Sensitive Information. Not all data are equal; to help with the process of identifying what information is considered confidential, WPI created a Data Classification and Usage Policy which breaks out data into four major categories.
- Providing Rules for Data Usage. Understanding how to access and store restricted use information vs. unrestricted information is also critical to keeping information safe. To assist with this process, rules on how to store and use data properly are also detailed in WPI's Data Classification and Usage Policy.
- Reviewing Data Collection Practices. On a routine basis, many employees receive sensitive data in both electronic and paper form. As part of WPI's efforts to comply with state regulations, we will work with various departments on Data Privacy Assessments to ensure that the institution is handling all sensitive information properly.
- Retention and Destruction. Confidential data becomes more vulnerable to mishandling the longer it sits around. Data retention policies are useful documents that deal with complex issues of maintaining information for a pre-determined length of time. The Information Security, Risk and Compliance Committee is working on revising WPI's Retention and Destruction Policy. More details will be coming soon.
- Awareness and Training. Understanding threats to information is very important in avoiding data breaches. Over the next year, we will be continually adding to the FAQ section of this web site to share best practices and educate the community on the information security risks we are seeing.