Body
Summary
Data security is one of the most critical responsibilities within any organization. At Winona State University (WSU), protecting sensitive information ensures the stability, credibility, and operational continuity of the institution. As a WSU employee, you are required to follow all federal, state, and institutional policies governing data privacy and security. Failure to comply may result in serious consequences, including disruptions to WSU’s network connectivity and loss of business productivity.
Information Applies to
Faculty, Staff
University Responsibilities
FERPA
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. FERPA applies to all educational institutions receiving funds from the U.S. Department of Education. All WSU employees must handle student data in accordance with FERPA regulations.
Minnesota Government Data Practices Act (MnGDPA)
The Minnesota Government Data Practices Act (MnGDPA) (Minnesota Statutes, Chapter 13) establishes that state and local government records are presumed public unless a specific statute or rule states otherwise. Employees must understand what data is public, private, or confidential under this law.
Minnesota State Policies & Procedures
WSU employees must comply with all Minnesota State system-wide policies and procedures related to data governance, information security, and acceptable use.
WSU Policies
WSU maintains institutional policies that further define expectations for data handling, security practices, and employee responsibilities. All employees are expected to review and follow these policies.
Your Responsibilities
As a member of the Winona State community, you play a vital role in maintaining a secure campus environment. The following guidelines outline essential practices for safeguarding data and systems.
Check Links in Emails — Critical for Security
You should always validate web links and email addresses before interacting with them. Cybercriminals often disguise malicious links to appear legitimate.
Important reminders:
-
WSU IT will never ask for your WSU credentials via email. If you receive such a message, do not open it, report it using the report button.
-
To verify a link, hover your mouse over the hyperlink to reveal the actual destination.
Protect Your Password
Your password must remain confidential.
Do NOT share your password with:
Additional precautions:
Verify People
Always confirm the identity of individuals claiming to be from IT or Facilities.
Ask yourself:
Report Suspicious Activity
If something feels wrong—or if you know you made a mistake—report it immediately.
Email: abuse@winona.edu
Things to Be Concerned About
You should take action if any of the following occur:
-
You clicked a phishing link or replied to a suspicious email.
-
You accidentally typed your password into the wrong field.
-
You sent or received private data insecurely (e.g., SSN via email).
-
You receive numerous “non-deliverable” email messages.
-
You notice emails sent from your account that you did not send.
-
You lose a device (phone, tablet, laptop, storage device) or suspect theft.
-
Your workspace appears disturbed or documents are missing.
-
Someone else used your computer.
-
You receive unsolicited calls or visits from IT or Maintenance.
Learn More
Need additional information or assistance? Contact WSU Tech Support by email or call 507.457.5240, option 1.