Topics Map > UW-Madison > Records Management
Topics Map > UW-Madison > CIO > Accessibility
Topics Map > UW-Madison > CIO > Resource Management
Topics Map > UW-Madison > CIO > Intellectual Property
Topics Map > UW-Madison > CIO > Networking and Telecommunications
Topics Map > UW-Madison > CIO > Identity and Access Management
Topics Map > UW-Madison > Cybersecurity > Access Control
Topics Map > UW-Madison > Cybersecurity > Aquisition and Development
Topics Map > UW-Madison > Cybersecurity > Privacy

UW-Madison - CIO - Non-UW-Madison Applications and Services Guidelines

Applies to anyone contracting or otherwise acquiring use of non-UW-Madison-owned or -operated applications and services for university business.

Applications and services that are not owned and operated by UW-Madison might not meet UW-Madison guidelines or requirements for privacy, intellectual property, security, and records retention. Faculty and staff using or considering the use of non UW-Madison applications and services should take these factors into account when selecting applications and services.

Please see Non-UW-Madison Applications and Services Agreements for a list of major cloud services that UW-Madison has already deployed for general use at UW-Madison.


Guidelines

Applications and services that are not owned and operated by UW-Madison might not meet UW-Madison guidelines or requirements for privacy, intellectual property, security, and records retention. Faculty and staff using or considering the use of non UW-Madison applications and services should take these factors into account when selecting applications and services.

Understand the risks to you and others

  • Providers may require the user to agree to a Terms of Service agreement. This is a legal contract. Only a few UW-Madison administrators are authorized to enter into legal contracts on behalf of the university. Users without that authority become personally responsible for the terms of the agreement and any problems that may arise.

  • Providers may change their Terms of Service without notice. Check periodically to see if it is still acceptable.

  • UW-Madison has already signed agreements with some providers. See Non-UW-Madison Applications and Services Agreements for details.

  • Contact Legal Affairs at 263-7400 for assistance understanding the associated risks.

Protect sensitive research data and other sensitive information

  • Comply with research grant and other contractual and legal requirements to protect sensitive information. There may be requirements that a non UW-Madison application or service cannot meet.

  • Restrict access to any sensitive information, so that only those with a “need to know” can access it.

  • Do not include any personally identifiable information if you can avoid it.

  • Remove data when it is no longer needed.

Protect student privacy

  • Comply with FERPA (Family Educational Rights and Privacy Act) requirements to protect student privacy.

  • Restrict access to student content whenever possible, so that only those who “need to know” have access.

  • Suggest students use aliases when creating accounts, particularly if student work is publicly available.

  • Do not place any personally identifiable information in content. Avoid referring to students by full name.
  • Limit students’ postings to course-related content. Delete student content when no longer needed.

  • Obtain student written consent for continued use of student materials beyond the current class.

Communicate the use of non UW-Madison applications and services to students

  • Use of non UW-Madison applications and services should not create an undue burden for students who do not agree to the conditions of use. Instructors should weigh the needs of the course activity against the student’s privacy rights.

  • Instructors should communicate their intent to use non-UW-Madison applications and services, along with a summary of issues, conditions of use, and risks to students in the course syllabus. This allows a student to decide whether to withdraw from the course, or request alternate solutions. Consider that withdrawal may not be possible because the course is required, is offered in a sequence, is not offered regularly, or is only offered by one instructor.

  • Refer students who are concerned about their privacy to the Dean of Students office.

Understand who owns content and what they can do with it

  • Placing content on a non UW-Madison application or service may constitute “publication” of intellectual property, and may inhibit other publication of the work, or prevent a successful patent application.

  • Review the Terms of Service agreement:

    1. Who owns the intellectual property rights when content is created or uploaded to the application or service?

    2. Does the provider claim any rights to use the content created or uploaded to the application or service?

    3. If there is a right of use claim, when and how are these rights terminated?

  • Identify content as “© 20XX The University of Wisconsin System Board of Regents” when appropriate.

Consider accessibility, support, retrieval, retention, and backup

  • Ensure non UW-Madison applications or services meet campus web accessibility requirements.

  • Existing campus support might not resolve technical issues. Users might have to deal with the provider directly.

  • Ensure that records can be retrieved from the provider. UW-Madison records are subject to public records law.

  • Ensure that university records are retained according to records retention schedules.

  • Back up material regularly. Many providers assume no responsibility for backing up content.

References

Public Records Law - http://legal.wisc.edu/public-records.htm
Responsible Use Policy - https://kb.wisc.edu/itpolicy/cio-responsible-use-policy
Web Accessibility Policy - https://kb.wisc.edu/itpolicy/cio-accessibility-policy
Data Classification Policy - https://kb.wisc.edu/itpolicy/cio-data-classification-policy
Protecting Your Student Data - https://registrar.wisc.edu/ferpa_guidelines_faculty_staff.htm
University Records Schedules - http://www.library.wisc.edu/archives/records-management/retention-disposition/
Research Data Sharing and Security - http://researchdata.wisc.edu/data-access-2/
HIPAA Security Officer and Coordinators - http://www.hipaa.wisc.edu/security-contacts.htm
UW-Madison Information Technology website - http://it.wisc.edu/
Human Research Protection Program (HRPP) - http://www.grad.wisc.edu/research/hrpp/
Non-UW-Madison Applications and Services Agreements - https://kb.wisc.edu/itpolicy/cio-non-uw-services-agreements
Non-UW-Madison Applications and Services Guidelines - https://kb.wisc.edu/itpolicy/cio-non-uw-services-guidelines


Effective:   Jul 22, 2009
Revised:    Nov 01, 2013 RevB
Reviewed:  Jan, 2016
Review by: Jan, 2018
Maintained by: Office of the CIO, IT Policy
History at: https://kb.wisc.edu/itpolicy/cio-non-uw-services-history
Reference at: https://kb.wisc.edu/itpolicy/cio-non-uw-services-guidelines
Contact:

Please address questions or comments to policy@cio.wisc.edu.




Keywords:guidelines recommendations guideline recommendation, administrators faculty instructors it-security-staff it-staff researchers administration instruction information-technology research security, accessibility cloud-services copyright identity-management intellectual-property mobile-devices network personally-owned-devices records-management resource-management security cloud cybersecurity devices identity intellectual mobile networking personal personally property records resource telecommunications, access archive business-use collection disposal monitoring retention storage transmission distribution, access-control acquisition-and-development education-and-training privacy risk-management access acquisition development education awareness risk training seta rmf restricted-data sensitive-data hipaa-data ferpa-data restricted-research-data sensitive-research-data copyrighted-data restricted sensitive hipaa ferpa fisma research copyright   Doc ID:59333
Owner:GARY D.Group:IT Policy
Created:2016-01-05 23:00 CDTUpdated:2016-11-27 11:22 CDT
Sites:IT Policy
CleanURL:https://kb.wisc.edu/itpolicy/cio-non-uw-services-guidelines
Feedback:  0   0