RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

Subject:
From: "Piotrowski, Charles" <[log in to unmask]>
Reply To: Records Management Program <[log in to unmask]>
Date: Thu, 29 Jun 2006 13:00:41 -0400
Hi folks,

I have been assigned the task of drafting a definition of "Confidential
and Sensitive Information" to be used in a corporate policy (bumping it
up from an "Information Asset Management (IAM) Guideline"). 

To give you some context, we, CVPS, are a private electric utility
operated in the public interest (not a gov't agency) traded on the NYSE
as well as regulated by our state's Public Service Board et al. We don't
have nukes.

We have a tradition of being more cautious and secure than state and
federal law requires when it comes to personal identity info and other
"confidential and sensitive" info. In our IAM guidelines we define
"confidential and sensitive info" as: 

1. Personal names in combination with:
     a. Home address
     b. Home phone number
     c. Social Security Number
     d. Driver's license or state identification number
2. Medical information
3. Credit card information
4. Bank account information
5. Employee Performance Reviews
6. Company sensitive business information such as, but not limited to:
     a. Maps, charts and diagrams that detail operations at a level
        that could be used to aid in the disruption or hindering of
        CVPS's ability to deliver electricity, or otherwise conduct
        business
     b. Financial statements that may reveal or cause financial harm to
        CVPS or its employees.
7. Sensitive or confidential information from or about other businesses
   given to CV in confidence
8. Salary and compensation information
9. Employee or customer information that may be sensitive in some other
   manner
10. If you are not sure, err on the side of caution and assume it is.


I am set on having the 1-10 as a baseline (you can ask particulars as
you see fit), but I was wondering what I have missed.  Please be as
picayune as possible, but remember my goal is for a corporate policy...

As always, thanks for the help....
 

Chuck Piotrowski
CVPS
www.cvps.com
This computer runs on Cow Power!

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
