What is an Information Steward?
An Information Steward is responsible for organizing their department's or office's handling of sensitive personal information (SPI).
An Information Steward and his or her supervisor may incorporate or reference this role description in the Steward's job description as they both deem appropriate. For questions about job descriptions contact your campus compensation specialist. For questions about the Information Steward role description contact eitherr Lorna Koppel, Tufts Technology Services Director of Information Security, or Beth Knauss, Tufts Technology Services, Information Security Compliance Program Manager.
Tufts University shall recognize a representative from each appropriate business unit or group as a designated Information Steward (IS). An IS is accountable and responsible for implementing information stewardship safeguards and best practices within his or her business unit or group.
Roles and Responsibilities of Information Stewards
Information Stewards are responsible for organizing and supporting the proper handling of sensitive personal information in their unit or other group. A steward:
- Is knowledgeable about protecting SPI
- Regularly attends training and reviews information provided by Information Security, especially through the ISPortal
- Is familiar with the laws and regulations and the university policies that apply to SPI
- Is familiar with best practices for protecting SPI
- Knows and learns about their group
- Knows and learns about what type of SPI their group uses or stores
- Is able to describe the activities that use or store SPI in their group
- Using supporting tools, documents what SPI is used and how it is used
- Consults with Information Security to evaluate and develop their group’s practices to protect SPI
- Develops local policies and procedures for their group for collecting, accessing, transporting, storing, and disposing of records containing SPI
- Coordinates and supports implementing university and local policies and procedures to safeguard handling SPI by their group
- For the staff, faculty, students and others that are part of their group, raises their awareness of the importance of protecting SPI
- Educates and provides training, using supplied materials
- Acts as a resource as staff and others implement practices to protect SPI
- Understands what to do if there is a possible breach of SPI
Information Stewardship Subcommittee
The ISS contributes to developing university-wide policy and strategy for the stewardship of institutional data. Its Charge includes information security, privacy, government and industry regulation, and information management principles, with an objective of maximizing institutional data’s value in support of the university’s vision and mission.
Information Stewards carry out their responsibilities by coordinating and collaborating with their group’s manager, who shares with the Information Steward responsibility for the proper management and protection of sensitive personal information.
Information Stewards follow the guidance at Reporting Information Security Incidents.