15.50 Information Data Security

A. Policy Statements

NMSU aspires to provide responsible use and management of its technology resources including storage and use of confidential data. The administration shall establish rules and processes to secure and protect confidential data and shall establish such administrative, technical, and physical safeguards as may be necessary or appropriate to comply with all relevant data protection laws and contractual requirements. The University shall identify an IT security authority to monitor and report data security risks to the administration, address any data security breaches as required by law and university rules, and to serve as a resource to the university community for data security and regulatory requirements. (Note: As used in this policy, “confidential data” is a generalized term, and not as a data classification.)

B. Rulemaking Authorization

The Regents of New Mexico State University authorize the administration to formulate and amend the Administrative Rules and Procedures (Rules) to address the use and management of the university’s confidential data and to implement the policy set out above. Such Rules shall be consistent with this policy as well as the laws relating to data privacy and security.

C. Repeal of Related Policies

Policies 2.90.10, and 2.90.30 shall be repealed from the Regents Policy Manual, but remain in effect in as ARP 14.10 – Records Integrity and Retention and ARP 15.63 – Protection of Customer Information; GLBA Compliance until amended or repealed.