UW-Madison - IT - Collection of Personal Identity Information via Email - History

Return to: CIO - Collection of Personal Identity Information via Email

Review and Revision History
Date                 Activity
Oct, 2017 Reviewed. The policy statement is ambiguous. It appears to prohibit email marketing that could result in a person initiating a relationship with UW-Madison when in the process of doing they would need to provide PII, for example, a prospective student applying to attend. That was not the intent. The original intent was that no one be asked via email to transmit PII or passwords via email. In addition, that original intent is now too narrow, because phishing attempts have grown more sophisticated and there are now additional methods used to attempt to deceive the recipient, for example, encouraging the recipient to click on a link that is superficially legitimate but actually sends them to a malicous site. In addition, there is little guidance regarding the preferred way(s) to collect PII, for example, sending the person to a secure website in the wisc.edu domain, or using some other electronic method that can be clearly and easily distinghuished from a phishing attempt.
Dec 29, 2015 Jun 29, 2009 version, maintenance revision A. Migrated to IT Policy KB. Fixed links, updated meta-data, and added history. No substantive changes.
Aug, 2015 Migrated to IT.WISC.EDU web site. No substantive changes.
Jan, 2015 Migrated to interim CIO web site. No substantive changes.
Jul, 2013 Reviewed policy. OK.
Aug, 2011 Reviewed policy. OK.
Jun 29, 2009 Revised policy, based upon feedback from governance groups and individuals.
Feb 11, 2009 Effective date of policy.

Development history is at: https://wiki.doit.wisc.edu/confluence/display/POLICY/COPE (on IT Policy Wiki)

Keywords: pii cioDoc ID:59200
Owner:Ed J.Group:IT Policy
Created:2015-12-29 14:19 CDTUpdated:2018-11-17 11:24 CDT
Sites:IT Policy
Feedback:  0   0