The Private Data Inventory is an annual survey of the prevalence of Private data across the University, as defined by the Data Security Classification policy. It is a repeatable process consisting of communication, response gathering, and evaluation that feeds into the planning process for detailed risk assessments.
Maintaining a comprehensive picture of Private data at the University enables:
a benchmark for data governance and management
identification of opportunities for consistent data handling across the University
units to determine risk tolerance and acceptance
University Information Security to assist units in prioritizing risk treatment plans.
The University Information Security Risk team distributes annual survey questions based on security trends to designated contacts throughout the University, and coordinates and aggregates the responses.
Each responding unit is notified of their results and any follow-on risk management activity:
Low-risk processes receive ongoing risk and security communications and will receive the next Private Data Inventory to identify any changes.
Medium-risk processes may receive a more detailed set of questions to identify common data security issues and solutions.
High-risk processes may be contacted to schedule a Risk Assessment for the unit or service.