Title

Employee Computer Data Protection/Screen Locking Policy (Protecting Student Data)

Steward
Steward:
Vice President of Institutional Effectiveness and Technology Solutions
Category:
Technology
Effective date:
April 21, 2017
Last content update:
April 21, 2017

Purpose

The purpose of this document is to set a minimum standard for protecting data on college owned computers with password protected screen savers. The screen saver locks the desktop after a set amount of time with no activity. By requiring a user to sign in when they return, it minimizes the risk of an unauthorized person using an active session while the authorized user is away. A password enabled screen saver helps to protect the information displayed on your screen, stored on your computer's hard drive and other data that is accessible from your computer when you walk away from the computer.

Policy

All College owned computers should be configured to have a password enabled screen saver. This data security feature should automatically initiate after the computer remains idle from user interaction after a predefined time period. The user must then re-enter their password to gain access to the computer. The general best practice for enabling automatic lockout of a screen saver is to set the timeout so that it can provide adequate security.

The policy requires that all employees manually lock their computer when not in use, or exiting the room, leaving their computer behind and that all computers have a screen saver lock out set at 30 minutes. After 30 minutes of no activity, the screen saver will be invoked automatically, with a one minute delay before actually locking. If no activity occurs, a password will be required before any activity can resume. No transparent screensavers are allowed.

The screen saver lockout is not a replacement for manually locking your machine to ensure its security.

References

Family Educational Rights and Privacy Act (FERPA)

Minnesota Government Data Practices Act (MGDPA), Chapter 13 of Minnesota Statutes

Associated Policies and Procedures

Minnesota State Community and Technical College Acceptable Use of Computers and Information Technology Resources Policy

Minnesota State Community and Technical College Student Directory Data Policy

Minnesota State Community and Technical College Employee Computer Data Protection/Screen Locking Procedure

Minnesota State system Board Policy 1.C.2 Fraudulent and Other Dishonest Acts

Policy author(s):
Dan Knudson