Control of Electronic Media

Policy Statement

The purpose of this policy is to provide safeguards for electronic media to prevent loss of access to, or unauthorized disclosure of, University Data.

Applicability

This policy applies to all electronic media used with university Information Systems or University Data.

Definitions

Information System: An individual or collection of computing and networking equipment and software used to perform a discrete business function. Examples include the eLearning System, ISIS, the EPIC electronic medical records system, a lab system and associated PC or the set of desktop computers used to perform general duties in a department.

Restricted Data: Data in any format collected, developed, maintained or managed by or on behalf of the University, or within the scope of University activities, that are subject to specific protections under federal or state law or regulations or under applicable contracts. Examples include, but are not limited to medical records, social security numbers, credit card numbers, Florida driver licenses, non-directory student records, research protocols and export controlled technical data.

University of Florida Data: Data in any format collected, developed, maintained or managed by or on behalf of the University, or within the scope of University activities. The terms ‘data’ and ‘information’ are used interchangeably in the context of the information security program.

Policy Specifics

1. All electronic media must be securely erased or destroyed prior to disposal, transfer or reuse outside of the university. The University Standard for Media Sanitization must be followed.
2. Electronic media containing Restricted Data must be protected from theft, accidental loss or damage in accordance with all UF information security and privacy policies and standards.

Review and Adjudication

1. All members of the University of Florida Constituency are responsible for protecting electronic media under their use or control.
2. All members of the University of Florida Constituency must promptly report loss or theft of electronic media containing Restricted Data to the UF Privacy Office.
3. Information Security Administrators (ISAs) are responsible for developing and implementing procedures to protect electronic media.
4. The Vice President and Chief Information Officer is responsible for implementing systems and specifications to facilitate unit compliance with this policy.

Policy Violations

Failure to comply with this policy could result in disciplinary action for employees, up to and including termination. Volunteers may have their volunteer status terminated.

History