Online Backup for MLS

benjamincarleski · #31

I see a few references in this thread and others to a policy about data security preventing Church data from being stored on non-Church computers. Does anyone have a link to, or could post the policy document? The only policy reference I could find is http://tech.lds.org/wiki/images/a/aa/Po ... eeping.pdf, and all is says is that the data "should be protected from unauthorized disclosure". My STS authorized the use of an online data backup site, and so before I go back saying we can't it would be nice to have something to point to.

#32

benjamincarleski wrote:I see a few references in this thread and others to a policy about data security preventing Church data from being stored on non-Church computers. Does anyone have a link to, or could post the policy document? The only policy reference I could find is http://tech.lds.org/wiki/images/a/aa/Po ... eeping.pdf, and all is says is that the data "should be protected from unauthorized disclosure".

Handbook 2, 21.1.11, addresses computers but then refers to Handbook 1, 13.8 and 13.9, for additional instructions about protecting confidential information. The Policies and Guidelines For Computers Used by Clerks for Church Record Keeping, to which you linked, has more in the Security section than just the sentence quoted. Further on it addresses storing confidential data and the use of Church information on PDAs. The document is dated as evidenced by the sole reference to PDAs. But one can get from the information of that Security section that confidential and Church information are to be protected from unauthorized sources.

Since this thread is discussing MLS data, then the warnings presented for exports may be considered policy. Once such warning states:

The export file option in MLS contains confidential Church information and must only be used by Church officers for official Church purposes.

This data must not be used for personal, political or commercial purposes, and it must be deleted from all personal electronic devices when Church officers are released from their callings.

Beyond the Handbook,the Policies and Guidelines For Computers Used by Clerks for Church Record Keeping and the MLS help and warnings I am not aware of any specific document that sets policy any further.

Those cited references do not specifically address storing Church data on non-Church computers. The discussions in a myriad of threads touch on different aspects of this. There may be an internal document at CHQ that provides more specific policies regarding this. There have been two Church employees that referred to such an uncited policy. This is one of those:

WelchTC wrote:I want to remind everyone that the Church has a policy about exporting information from MLS or LUWS and importing that same data into a server not officially sponsored and supported by the Church. You can use the data on your own "controlled" and "secure" PC's, laptops, and PDA's. However you are not allowed to host sites for your ward that would utilize this exported information.

While that quote only discusses exported data it does give pause to consider MLS backup files.

benjamincarleski wrote:My STS authorized the use of an online data backup site, and so before I go back saying we can't it would be nice to have something to point to.

When you say the STS has authorized this I am assuming that in fact the stake president did because the STS does not have this authority. The stake president may have authorized this in council with the STS. I also hope that the STS pointed out the requirements to secure confidential information and Church data in accordance with the Handbook and the August 2009 policy letter to the stake president before he made his decision.

Some may argue the security of the data in the backup file (since in requires the MLS program as well as administrative passwords) along with the security of the storage site chosen. I am not one of those.

I will have to concede that in consideration of the policies cited and notwithstanding any further written direction from CHQ that the stake president has the authority to make such a decision. If he has any questions about the appropriateness of this action he can always take it to the area authorities.