I am writing to bring your attention to three important policies that are particularly important as we enter one of the busiest times of the academic year. The three policies share a common goal-to outline the standards for confidentiality, security, and the general handling of information and documents maintained by the university. A brief description of each policy follows, and each can be accessed online. Because these policies are important to our work as a university, please ensure that you and others affected are familiar with each.

The requirements of these policies are dictated by various federal and local laws and constitute sound business practices. We have an obligation to protect the information that we gather in order to conduct our day-to-day activities. Those who trust us with their personal information deserve to know that we will do all that we can to keep their personal information safe and secure.

I assume we all agree that maintaining confidentiality and protecting the personal information of AU community members is core ethical and management values. For those of us who control that information, we must also remember we have legal obligations as well. Please review these policies and the procedures within your departments that ensure compliance.

Information Technology Security

American University conducts significant portions of its operations via wired and wireless computer networks. The confidentiality, integrity and availability of the information systems, applications, and data that is stored and transmitted over these networks are critical to the university's reputation and success. Nevertheless, AU systems and data face threats from a variety of ever-changing sources. The Information Technology Security Policies establish requirements for the university community to follow to safeguard AU's academic and administrative information resources. The policies were developed by the Information Technology Security Project Team, which included a broad cross-section of faculty and staff and was vetted by many in the university community. An education and implementation assistance program is being developed by the committee.

Information Security Plan (Gramm-Leach-Bliley)

This Information Security Plan is intended to comply with the Gramm-Leach-Bliley Act ("GLBA") in protecting the security and privacy of sensitive, non-public, personal information. It is designed to ensure the confidentiality and protect against unauthorized access to personal information maintained by the university.

Records Retention and Disposal

The Records Retention and Disposal Policy provides a standardized process for maintaining and disposing of university records; it resulted from consultation with the university community to establish appropriate practices. The retention schedule is a living document and instructions for further input for changes are included in the policy. The university is currently working to select a vendor to assist with an extensive education program, and to develop guidelines to help offices implement the policy requirements.

You will receive additional information on the procedures to comply with the requirements of these important policies. Please contact the Office of Finance and Treasurer at (202) 885-2700 if you have questions about the policies or their implementation.