University Technology

University Technology Policies Updated

June 25, 2024

Multiple technology-related University policies have recently been updated, and we want to make you aware of the changes. This review was conducted to comply with the annual requirements of the Gramm-Leach-Bliley Act (GLBA). Additionally, changes were made to better align these policies with regulatory requirements and auditor recommendations. These updates were approved by the President’s Leadership Team on June 25, 2024.

In some cases, the review process did not result in any substantive changes. For policies with significant changes, a synopsis of these updates can be found below.

Some policy changes will take time to implement from a technical perspective. Impacted users will be contacted with more information as it becomes available.

We encourage all members of the university community to review these updated policies in detail. Compliance with these policies helps protect our institution's data and maintain the integrity of our technological resources. For more information, please refer to the full policy documents available via the links below.

If you have questions, please contact us at support@wiu.edu and we will do our best to address them.

Synposis of Policy Changes

Data Security and Handling Policy
  • Primary change was the addition of language requiring hard disk encryption on university owned computers.
Electronic Mail (Email) Policy
  • Substantive changes include the following:
      • Prohibition of employees forwarding of university emails to personal email accounts where such emails contain data that is protected by the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), or any other security or privacy-based law or regulation;
      • Prohibition of employees downloading of university emails to devices not owned by the university where such emails contain data that is protected by FERPA, HIPAA, GLBA, or any other security or privacy-based law or regulation;
      • Removed language allowing employees who have terminated their employment with the university to retain their email for 30 days following employment;
      • Removed language granting retirees and alumni perpetual email accounts after retirement/graduation; access will be subject to conditions now outlined in the policy.
Information Security Program Policy
  • No substantive changes made.
Mobile and Remote Communication Policy
  • Substantive changes include the following:
      • Throughout the policy, language was updated to reflect current technologies affected by this policy.
      • Language was updated to reflect that stipends and university provided devices/services should be provided to employees who have an unusually high requirement to use their personal devices for university related business relative to someone with a similar job title/position.
Password Policy
  • No substantive changes made.
Security Camera Policy
  • No substantive changes made.
Technology Use Policy
  • Substantive changes include the following:
      • Revised the definition of “computing resources” to be more comprehensive.
      • Added the following language to address audit expectations: “All WIU owned devices are required to have the following security applied:
        • Automated patching and updates for software and operating systems, as available
        • Hard drive encryption
        • Screen lock after 15 minutes of inactivity
        • Login/password protection at login
        • Up-to-date antivirus and malware protections
        • Disable auto-run
        • Rename local admin account
      • Added language prohibiting connection of personal devices to WIU secured networks.
      • Added language to clarify policy on Bring Your Own Device to address auditor requests:
        • Personal devices are prohibited from WIU secured networks (wired and wireless), except on the Residence Hall networks for students and the WIU-OPEN wireless network for faculty, staff, students, and guests.
        • Examples of prohibited personal devices on secured networks include tablets, desktop computers, laptops, mobile phones, gaming systems, smart devices, and more.
Web Use, Accessibility and Privacy Policy
  • No substantive changes made.