UW-Madison - IT - Collection of Personal Identity Information via Email Policy
Applies to UW-Madison faculty, staff and contractors. Also relevant to alumni, applicants, parents, and students.
PolicyUW-Madison units and contractors may not collect personal identity information including restricted information and passwords via email.
Phishing scams continue to be a problem at UW-Madison. Despite various information security awareness programs, a significant number of students and staff still disclose personal financial or identity information in response to fraudulent emails and web sites.
The CIO's Office, in conjunction with a working group of the Madison Technical Advisory Group (MTAG), has put systems in place to minimize the risks associated with phishing scams. Part of the challenge, though, is that the phishing attempts often look like legitimate communications, with senders posing as University departments or other official businesses.
Awareness and education are critically important in our efforts to protect the UW-Madison community from phishing scams. We cannot tell campus users it's not okay to disclose their identity information in some places, but that it's okay to do it for the University. Not only does this send a mixed message, but it overlooks the fact that email scams can so convincingly spoof our efforts.
After coordinating with several campus leadership groups, the CIO's office has released a promotional campaign that informs the UW-Madison community that "The UW won't ask you to reveal personal identity information via email." (See: https://it.wisc.edu/guides/scams-to-avoid-protecting-your-online-identity/.)
Issued by the UW-Madison Vice Provost for Information Technology.
EnforcementFailure to comply may result in disciplinary action up to and including termination of employment.
Please address questions or comments to firstname.lastname@example.org.
- IT Policy Glossary: https://kb.wisc.edu/itpolicy/glossary
- Phishing Scams: https://it.wisc.edu/guides/scams-to-avoid-protecting-your-online-identity/ (on it.wisc.edu)
- Data Classification Policy: https://kb.wisc.edu/itpolicy/cio-data-classification-policy
Effective: Feb 11, 2009
Revised: June 29, 2009
Reviewed: Oct, 2017
Review in: Two years
Maintained by: Office of the CIO, IT Policy
History at: https://kb.wisc.edu/itpolicy/cio-collection-of-pii-via-email-history
Reference at: https://kb.wisc.edu/itpolicy/cio-collection-of-pii-via-email-policy