[26023] in resnet

home help back first fref pref prev next nref lref last post

Re: Network registration data retention policies

daemon@ATHENA.MIT.EDU (Cal Frye)
Tue Mar 8 14:54:34 2011

MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Message-ID:  <4D76887F.6090407@calfrye.com>
Date:         Tue, 8 Mar 2011 14:50:23 -0500
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Cal Frye <cjf@calfrye.com>
To: RESNET-L@listserv.nd.edu
In-Reply-To:  <4D767B66.7000309@stanford.edu>

Hi, Jose,

On 3/8/11 1:54 PM, Jose Valdez wrote:
> Hi,
> 
> I am curious to know what, if any, data retention policies that some of
> you may use with regard to network registration information.  This is of
> course heavily influenced by the degree of granularity of information
> that you may keep on network registrations, such as residence, room
> number and contact information. 

As our DHCP logs, by default, expired on the order of 28 days, we didn't
see much to be gained by saving network registration records for a
longer period. That duration serves the bulk of what we need to diagnose
problems and keep the network running.

> If you require users to register each
> academic year, do you keep year-to-year data, or is each new year's
> registration completely separate from previous year's registrations. 

For us, user records naturally clear out over the summer when students
largely are elsewhere. For those present year-round, see above. Other
items where we have assigned specific IP addresses for game systems and
the like, are cleared each summer and students reapply for them when
they return.

> This of course assumes that registrations are done on a per-device basis
> and not a larger per-user basis that includes multiple devices, if that
> assumption is wrong, I would love to hear how you manage user data. 

Per-device rules in this context. Per-MAC address, actually, although
our NAC agent can follow a computer through the transition from wired to
wireless and back. But other devices cannot install the agent, so MAC
address is the key value.

> If you have data retention policies, what motivated those policy
> decisions?  Were they internal decisions based on how long you thought
> the information might be useful, etc.?  As a related question, do you
> publish a defined privacy policy specific to network registration where
> you detail your data retention policies?  If not, do you rely on a
> higher level university policy, or is there no formal policy?  Thank you.

Long enough to be useful, short enough to not consume inordinate amounts
of storage. This has become a documented working policy, but not
published as part of our AUP, which speaks of user privacy rights and
"good netizen" responsibilities. Hope this is helpful...

-- 
Best regards
-- Cal Frye, Network Administrator, Oberlin College
   Mudd Library, x.56930 -- CIT will NEVER ask you for your password!

   www.calfrye.com,  www.oberlin.edu/cit/

"More money is put into prisons than into schools. That, in itself, is
the description of a nation bent on suicide." -- Jonathan Kozol.

___________________________________________________
You are subscribed to the ResNet-L mailing list.

To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________

home help back first fref pref prev next nref lref last post