Loyola University Chicago

Information Technology Services

Personal Info Protection

Personal Information Protection Compliance Review

Scope:

The Personal Information Protection Compliance Review Protocol covers all users of computers, electronic devices, and media capable of storing Loyola Protected data or Loyola Sensitive data as defined by the Data Classification Policy.

Purpose:

The purpose of this protocol is to ensure that all divisions and departments of Loyola University Chicago are in, and remain in, compliance with the Policies established for the security of Loyola Protected data or Loyola Sensitive data. 

Policy:

Each division will conduct compliance reviews in accordance with the Loyola Protected Data & Loyola Sensitive Data Identification Policy.

Each division or department head will designate one individual as the department’s primary data steward and one individual as the department’s alternate data steward. If the primary data steward is unable to perform their listed duties, the alternate data steward will perform those duties. The duties of the two data stewards cannot be delegated further. Each division or department will communicate the names of the designated data stewards to ITS. The primary data steward has primary responsibility for the security of information within their division. This will be the same person who is responsible for ensuring the department performs the necessary scans as defined in the Loyola Protected Data & Loyola Sensitive Data Identification Policy. The role of the designated individual may be rotated. The alternate data steward will assist the primary data steward, and perform the functions of the primary data steward if the primary data steward is unavailable to do so.

The primary data steward will be responsible for conducting the review of his/her department or division, reviewing scan results, ensuring compliance with all policies listed in the appendix in the Applicable Policies Covered section, confirming that all devices covered by the Loyola Protected Data & Loyola Sensitive Data Identification Policy were scanned, and certifying on the certification form shown in the appendix that their office meets the identified security standards.

ITS and HR will train the data stewards on information security policies. Each department shall provide additional training to their data stewards on the local, state and federal regulations or standards on information security that apply to their department. The primary data steward will be responsible for making certain that all staff members, department heads, and student workers in their department, and all outside parties used by their department, are fully aware of Loyola University Chicago’s information security policies. They will arrange special training as needed by contacting subject matter experts listed in the appendix.

Questions about this policy

If you have questions about this policy, please contact the Information Security team at DataSecurity@luc.edu.

Policy adherence

Failure to follow this policy can result in disciplinary action as provided in the Staff Handbook, Student Worker Employment Guide, and Faculty Handbook. Disciplinary action for not following this policy may include termination, as provided in the applicable handbook or employment guide.

Appendix

Applicable Policies Covered

Data Classification Policy

Physical Security of Loyola Protected Data & Loyola Sensitive Data

Electronic Security of Loyola Protected Data & Loyola Sensitive Data

Loyola Protected Data & Loyola Sensitive Data Identification

Disposal of Loyola Protected Data & Loyola Sensitive Data

Loyola Encryption Policy

Data Breach Response Policy

Definitions

Primary data steward – The person who has primary responsibility for the security of information within their division. This will be the same person who is responsible for ensuring the department performs the necessary scans as defined in the Loyola Protected Data & Loyola Sensitive Data Identification Policy.

Alternate data steward – The person who will assist the primary data steward, and perform the functions of the primary data steward if the primary data steward is unavailable to do so.

History

March 4, 2008: Initial policy

July 15, 2013: Annual review for PCI Compliance

June 4, 2014: Annual review for PCI Compliance

Information Technology Services
1032 W. Sheridan Ave. · Chicago, IL 60660 · 773.508-4ITS

InfoServices@luc.edu