Give Now

Security

Policies and Legislation

University Policies

12.1 Intellectual Property Policy – Policy which delineates the rights and obligations of both an individual (Faculty, Administrator, Student, or Staff) and the University with regard to intellectual property

12.2 Copyright Policy - Policy which states the University’s compliance with federal copyright laws

12.3 Computing and Communications Policy - Rules which govern the appropriate use of SMU computing and network resources.

12.4 Electronic Payment Processing Policy – Outlines the methods by which University departments may participate in electronic commerce, and how personal information must be protected during transactions.

12.5 Information Security Policy– Defines the basic security measures and controls for managing information and technology at SMU.

12.6 Password Management Policy (under review) – Defines the University’s power to regulate and manage passwords at SMU, and outlines the responsibilities for password management.

12.6 Password Management Policy (draft)

12.x Use and Protection of Personal Information Policy (draft) – Policy which defines how personal information may be accessed, and requirements for electronically storing this information.

IT Procedures

Information Security Incident Response Procedures - Outlines the procedures that Information Security personnel follow in response to an information security incident.

Server Procedures for Personal Information Servers Document outlining required security procedures for servers that store Personal Information at SMU

Registration Form for Servers that store Personal Information (Draft) - Per the Security Procedures for Personal Information Servers, all servers which store Personal Information are required to complete a defined registration process before they may be used to store Personal Information at SMU.

Security Procedures for Personal Information Computers -Document outlining required security procedures for computers which store Personal Information at SMU.

Personal Information Storage Exception Procedures (draft) -Any device which stores Personal Information, but does not meet all applicable requirements in the "Security Procedures for Personal Information Servers" or the "Security Procedures for Personal Information Computers" must follow these exception procedures.

Exception Form for Personal Information Storage Exception (draft) -Per the Personal Information Storage Exception Procedures, certain devices which store Personal Information must be approved before they may be used to store Personal Information at SMU.

Destruction of Electronic Personal Information Data Procedures (draft) -Document describing when and how electronic Personal Information must be sanitized, and who bears associated responsibilities.

Desktop Database Security: Policy and Best Practices

Identity Theft Prevention Program-- Outlines a program that is designed to identify, detect, and mitigate identity theft in connection with SMU accounts in response to the Federal Trade Commission's "Red Flag Rules".

Federal Regulation

FERPA: FERPA protects the privacy of students' education records by enforcing limitations on the release of student information. Particularly sensitive information includes students' Social Security numbers, race or ethnicity, gender, nationality, academic performance, disciplinary records, and grades.

Health Insurance Portability and Accountability Act of 1996 (HIPAA): HIPAA is a federal law comprised of regulations that establish and protect patient rights and disseminate standards for the protection of individually identifiable health information.

Gramm-Leach-Bliley Act: GLBA sets forth key provisions on the collection and disclosure of consumer's personal financial information, such as bank account numbers.

FACTA Red Flags: The Federal Trade Comission, in conjunction with several other agencies set out a list of guidelines, collectively called the Red Flag Rules, that regulate how Universities will address potential incidents of Identity Theft.

 

State Regulation

Texas 78(R) SB 473: An Act relating to assisting consumers to prevent and detect identity theft; providing penalties.

Texas 79(R) SB 122: An Act relating to the prevention and punishment of identity theft and the rights of certain victims of identity theft; providing penalties.

Texas Penal Code 7.33: Criminal statute regarding Computer Crimes

Texas Penal Code 32.51: Criminal statute regarding Fraudulent Use or Possession of Identifying Information.