Managing Sensitive Data (MSD) Overview
Updates
On July 2, 2007, important amendments to the Michigan Identity Theft Protection Act take effect. The act regulates how and when organizations need to report data security breaches.
Check our Laws and Policies page for MSU's Guidelines for Internal and External Reporting of Data System Security Breaches and the MSU Social Security Number Privacy Policy.
In order to operate, MSU must handle information. This information includes data on students, employees, alumni, donors, clients, patients, patrons, partners, and other affiliates.
As part of data stewardship and governance, the university has the responsibility to take all practical measures to protect the privacy and confidentiality of this information and manage sensitive data in a secure manner, while permitting the effective and efficient use of the data. The best effort of every member of the university workforce is required to satisfy these dual data management objectives.
Getting Started
We suggest that you plan and follow a four-step approach to managing sensitive data.
- Education and awareness
- Inventory your data
- Assess your risks
- Mitigate your risks
- Regularly, at least once a year, revisit your efforts and make changes and improvements to your plan as needed
For a detailed discussion on producing this plan, read through the core documents on our Information Security Plans for Units page.
