Topics Map > UW-Madison > Cybersecurity > Education, Training and Awareness
Topics Map > UW-Madison > Cybersecurity > Privacy

UW-Madison - CIO - Collection of Personal Identity Information via Email Policy

Applies to UW-Madison faculty, staff and contractors. Also relevant to alumni, applicants, parents, and students.


Policy

UW-Madison units and contractors may not collect personal identity information including restricted information and passwords via email.

Background

Phishing scams continue to be a problem at UW-Madison. Despite various information security awareness programs, a significant number of students and staff still disclose personal financial or identity information in response to fraudulent emails and web sites.

The CIO's Office, in conjunction with a working group of the Madison Technical Advisory Group (MTAG), has put systems in place to minimize the risks associated with phishing scams. Part of the challenge, though, is that the phishing attempts often look like legitimate communications, with senders posing as University departments or other official businesses.

Awareness and education are critically important in our efforts to protect the UW-Madison community from phishing scams. We cannot tell campus users it's not okay to disclose their identity information in some places, but that it's okay to do it for the University. Not only does this send a mixed message, but it overlooks the fact that email scams can so convincingly spoof our efforts.

After coordinating with several campus leadership groups, the CIO's office has released a promotional campaign that informs the UW-Madison community that "The UW won't ask you to reveal personal identity information via email." (See: https://it.wisc.edu/email-scams-phishing.)

Authority

Issued by the UW-Madison Vice Provost for Information Technology.

Enforcement

Failure to comply may result in disciplinary action up to and including termination of employment.

Contact

Please address questions or comments to policy@cio.wisc.edu.

References


Effective:   Feb 11, 2009
Revised:    June 29, 2009
Reviewed:  Jul, 2013
Review by: Jul, 2017
Maintained by: Office of the CIO, IT Policy

History at: https://kb.wisc.edu/itpolicy/cio-collection-of-pii-via-email-history
Reference at: https://kb.wisc.edu/itpolicy/cio-collection-of-pii-via-email-policy

Text in italics is not part of the official text. Please link to this page when referring to this document.




Keywords:policies definitions policy requirements definition requirement requirements, administrators faculty it-security-staff it-staff managers administration information-technology security, cloud-services security cloud cybersecurity, collection, education-and-training privacy education awareness training seta restricted-data restricted pii   Doc ID:59199
Owner:GARY D.Group:IT Policy
Created:2015-12-29 14:18 CDTUpdated:2016-11-27 16:55 CDT
Sites:IT Policy
CleanURL:https://kb.wisc.edu/itpolicy/cio-collection-of-pii-via-email-policy
Feedback:  0   0