The University enacted a Data Security Policy in May 2007. See: http://www.bc.edu/datasecuritypolicy for the full text of the policy.
The purpose of the policy is to ”outline essential roles and responsibilities within the University community for creating and maintaining an environment that safeguards data from threats to personal, professional and institutional interests.”
The policy concerns all physical documents, electronic databases, or other collections of information collected, stored or used by any department or person in connection with University operations. Information covered in the policy is classified into three categories, according to the level of security required. These security classifications are “Confidential,” “Internal Use Only,” and “Public.”
-
Confidential Information includes sensitive personal and institutional information, and must be given the highest level of protection against unauthorized access, modification or destruction.
-
Internal Use Only Information includes data that is less sensitive than Confidential information, but that, if exposed to unauthorized parties, may have an indirect or possible adverse impact on Boston College.
-
Public Information is information that is generally available to the public, or that, if it was to become available to the public, would have no material adverse affect on Boston College.
Data Security Officers have been appointed by each Dean or VP to a Data Security Working Group to help develop procedures and guidelines, and to assist the University in the implementation of the policy.
Violations of the policy will lead to appropriate disciplinary action, which could include temporary or permanent restrictions on access to certain information or networks. For more information on this policy, contact your Data Security Officer or Vice President.