WiscWeb - WordPress UW Theme - Sensitive and Restricted Data Policy

The following document outlines the WiscWeb policy regarding sensitive, restricted, and protected data.

Basic Policy

WiscWeb cannot be used to store, display, or request any data that is considered sensitive or restricted. By default, all WiscWeb data will be publicly accessible.

Forms

It is important to note that data and content harvested through Gravity Forms is stored (via "Entries") in WiscWeb. Therefore, forms should not be used to prompt for any data that is considered sensitive or restricted. If members of the team find that a form includes fields that prompt for this type of data, the Primary Contact will be contacted and be asked to remove these fields and form entries that include this data. Additionally, the data will need to be removed from the WiscWeb database**.

**WiscWeb is a multi-site instance of WordPress. As such, all 1,000+ sites sit on a single database.

Examples of Sensitive/Restricted Data

  • Employee and student identification numbers (Campus ID #'s)
  • Social security numbers 
  • Drivers license numbers and state resident/personal identification numbers 
  • Financial account number (including credit/debit card) or any security code, access code or password that would permit access to an individuals financial account 
  • Protected health information (any information about the health status, provision of health care, or payment for health care) (except workmans comp)
  • Passport numbers and alien registration numbers
  • Military ID number 
  • Personal information such as date of birth and mothers maiden name 
  • Digitized signatures (ink signatures that have been digitized) 
For more information on sensitive and restricted data and for more classification examples, please see UW-Madison - IT - Data Classification Policy

Troubleshooting

  • Unsure if something is considered sensitive or restricted? Reach out to the DoIT Help Desk. They can redirect you to the DoIT Cybersecurity team, who will be able to answer your questions.

See Also:




Keywords:sensitive, restricted, PHI, HIPAA, protected, data, forms, content, include, request, classified, classification   Doc ID:98242
Owner:Jenna K.Group:WiscWeb CMS
Created:2020-02-26 09:52 CDTUpdated:2020-03-26 19:59 CDT
Sites:DoIT Help Desk, WiscWeb CMS
Feedback:  0   0