The Information Security and Privacy Advisory Committee (ISPAC) evaluates, develops, and recommends information security and privacy policies, procedures, and operations vital to protecting and sustaining UB’s mission. ISPAC advises the Provost and VPCIO as well as other University VPs and Deans.
The Committee is responsible for the following, including but not limited to:
- Establish a University-wide review process for all unit-level policies/procedures related to protected data as defined in the UB Information Classification Policy.
- Review information security and privacy policies and standards and recommend improvements and revisions, as appropriate.
- Serve as a resource for the University on information security and privacy issues.
- Evaluate conflicts between information security and privacy issues, including academic freedom.
- Review specific information security/privacy breaches and Incident reports within the University.
- Evaluate and recommend information security and privacy training needs.
- Coordinate efforts to make privacy and security more visible within the University.
- Monitor and oversee the university’s compliance with the European Union’s General Data Protection Regulation (GDPR).
Membership is appointed by the Provost and VPCIO in consultation with the appropriate University Vice Presidents. The membership represents the operational executives of the University who have primary responsibility for the creation and maintenance of UB’s information assets. Membership includes:
- Director of Institutional Analysis
- University General Counsel
- HIPAA Compliance Officer
- AVP for Human Resources
- AVP for Student Life
- AVP Finance and Controller
- University Registrar
- Designee from the Office or the Vice President for Research
- Director of Internal Audit
- University Records Privacy Manager
- Chair of the Faculty Senate or Designee
- UBIT Information Security Officer (Chair)