Are data gathered using the ODBC drivers against InfoSource encrypted?
No, userid and password are encrypted, but the data are not. We would need an additional Oracle product to encrypt this data. This product is not included in the SUNY contract. Of course UB could choose to purchase it or look to a third party vendor. • Will the data trustees/custodians be responsible for sensitive information made available within the InfoSource tables? Will there be a CIO-led effort to review availability of SSN (and other sensitive data) within InfoSource tables, possibly resulting in multiple tables (1 with and 1 without SSN) by need? • We have already begun to use the stated language on VPEP- maintained web sites where SSN is collected. • We believe that the final policy should reside (be linked) in multiple places (MyUB for faculty/staff, CIT website, SRC “for offices” site, faculty handbook, new faculty and staff orientation materials, and be part of an annual communications campaign to faculty and staff on this and FERPA.
