Minutes for meeting of 10 November, 2006

IT Policy Task Force

Meeting of 10 November 2006

9 -10 am, Computing Center rm 185
in attendance:Andrew Bonamici, Jon Miyake, Noreen Hogan, Cleven Mmari, Erin O’Meara, Joe St. Sauver, Josh Ward

absent (all RSVPd): James Bailey, Randy Geller/Melinda Grier

1. Approved minutes from last meeting

2. Discussed template inventory process & problems experienced to date. What do the categories mean, & what are the associated questions? Looking at the e-mail category, for example, a wide range of questions & issues emerged:

- spam/phishing—incoming &/or outgoing?
- blocking/unblocking
- spam filtered by default or not?
- attachments/defanging
- where should your email be? dept or uoregon?
- forwarding off-campus (FERPA, sensitive info, etc.)
- sending sensitive info (SSNs etc.) via email
- public record inplications/FOIA/civil discovery (articulate with records retention)
- access by supervisors/managers; terminated employees; mixed student-employee use
- size of attachments
- practice of using generic accounts (departmental accounts used by multiple people)
- mailing lists
- other communication tools—IM, IRC, Jabber, forums,

-records retention issues -- deletion of mail (per records manual); appropriate capture elements for retention—header, footer, addresees, etc.; creator is responsible for retention; need to include definition of public record & interpret (with legal) in future policy. What policies do we need to have in place (at least on the record) to respond to a records audit? Erin will share the State Archives e-mail manual and the e-mail policy template recently developed for CAS. At the state state level, OUS has delegated authority to pull out from under DAS. Erin is focusing on Oregon Revised Statutes that are OUS-specific; we will need to compare DAS IRMD vs OUS policies.

NEXT STEP: Create a writeboard (secure wiki) for each category & add a list of questions like these. Task force members will do this for the categories they are assigned, then the group will add to the list & we will discuss meeting-by-meeting. Please include your initials next to comments you are adding to someone else’s writeboard.

3. How to organize UO policy scan
a. search UO web
b. look through Randy’s draft & other in-process documents
c.look for best practice examples from other schools; EDUCAUSE, etc.
d. look for issues and concerns that aren’t currently addressed by central policies (academic freedom is a good example). HIPPAA — Health Ctr, Counseling Ctr, EC Cares, ASUO insurance; Athletic Training, others??
e. survey schools/colleges/units if necessary for policies that we might have missed

General discussion: once we have policy statements, what mechanisms will be in place to communicate, train, & impose the policy on the entire campus? What consequences will be in place for policy violations?

Plans for future meetings (Fridays at 9 am)