UW-Madison - IT - Collection of Personal Identity Information via Email - History
Return to: CIO - Collection of Personal Identity Information via Email
Date | Activity |
---|---|
Oct, 2017 | Reviewed. The policy statement is ambiguous. It appears to prohibit email marketing that could result in a person initiating a relationship with UW-Madison when in the process of doing they would need to provide PII, for example, a prospective student applying to attend. That was not the intent. The original intent was that no one be asked via email to transmit PII or passwords via email. In addition, that original intent is now too narrow, because phishing attempts have grown more sophisticated and there are now additional methods used to attempt to deceive the recipient, for example, encouraging the recipient to click on a link that is superficially legitimate but actually sends them to a malicous site. In addition, there is little guidance regarding the preferred way(s) to collect PII, for example, sending the person to a secure website in the wisc.edu domain, or using some other electronic method that can be clearly and easily distinghuished from a phishing attempt. |
Dec 29, 2015 | Jun 29, 2009 version, maintenance revision A. Migrated to IT Policy KB. Fixed links, updated meta-data, and added history. No substantive changes. |
Aug, 2015 | Migrated to IT.WISC.EDU web site. No substantive changes. |
Jan, 2015 | Migrated to interim CIO web site. No substantive changes. |
Jul, 2013 | Reviewed policy. OK. |
Aug, 2011 | Reviewed policy. OK. |
Jun 29, 2009 | Revised policy, based upon feedback from governance groups and individuals. |
Feb 11, 2009 | Effective date of policy. |
Development history is at: https://wiki.doit.wisc.edu/confluence/display/POLICY/COPE (on IT Policy Wiki)