M-Pathways Update
November 2022

When creating eProcurement Requisitions, the checkout experience has been streamlined by combining pages and reducing the number of clicks necessary to complete the transaction.

For more information on the updates, refer to the Create Requisition - Overview of Changes. Updated step-by-step procedures are also available on the eProcurement Resources page.

New fields will be available in the HR01 and HRO2 universes beginning 8 p.m. on Tuesday, November 1.

New Administrative PMOD Value

A new value of GCS will be available in the ADMINISTRATIVE_PMOD_CD field in the ADMINISTRATIVE_PMODS table in the HR01 universe for person modifier changes related to the LEO-GLAM union.

Union Fields

The following fields will be added to the JOB table in the HR02 universe containing information about indicating the union affiliated with a JobCode, if any.

• UNION_CD
• UNION_DESC

Step Increase Fields

The following fields will be added to the Data Warehouse.

On the JOB table in the HR01 universe:

• STEP
• STEP_ENTRY_DT
• STEP_END_DT

On the JOB table in the HR02 universe:

• STEP
• STEP_ENTRY_DT
• STEP_END_DT
• UNION_CD
• UNION_DESCR

In addition, a new table will be available in the Data Warehouse called SAL_STEP_TBL.

This table will include the following fields:

• SAL_ADMIN_PLAN
• GRADE
• EFFDT
• STEP
• HOURLY_RT
• DAILY_RT
• MONTHLY_RT
• ANNUAL_RT

More information about these fields can be found in the M-Pathways Human Resource Data Dictionary.

As part of this fall’s SUMIT series of weekly events, the Education and Engagement team of ITS Information Assurance (IA) presented on how they curate knowledge, develop training, and create awareness for U-M community members to protect themselves and the U. The team of Performance Support Analysts featured “Jen and the Matts” (Jen Wilkerson, Matt Ranville, and Matt Martin), who covered the variety of ways they provide meaningful resources for the U-M community and beyond. The areas of focus included:

• Safe Computing Website: Matt Ranville gave an in-depth tour of Safe Computing to show how to navigate the continually growing award-winning website. The site covers topics to help you Be Aware of phishing scams, fraud and more, Protect Yourself with advice from security experts, and Protect the U with security tools. The newest features of the site are the Library, which links to all the IA publications, training, and awareness resources, and the Media Archive that offers a collection of posters, social media, videos, and graphics for promoting best practices in privacy and cybersecurity.
• Training Designed for U-M: Matt Martin described the different levels of training offered, from specialized courses on compliance guidelines (HIPAA, PCI) to high-level introductory activities for new staff. The highlighted and newest offering is the Data Protection 100: Your Shared Responsibility course, which is recommended for all incoming employees. The course provides an overview of why it is important to protect U-M data and resources, what risks exist and how you can avoid them, and how you can fulfill your responsibility for protecting the university.
• Education and Engagement Outreach: Jen Wilkerson covered the multitude of strategies and tactics that the team employs to engage the U-M community and promote IA services. Whether it’s the fun and lighthearted #SecureLifeOfPets campaign on Twitter, informative presentations on security capabilities, detailed documentation about IA projects, the E&E team strives to provide relevant and actionable information to people across all levels of the university.

If you didn’t make it to the Safe Computing for Everyone session, check out the presentation slides to learn more and for links to all the resources.

The capstone of 17th Security at University of Michigan IT (SUMIT) event series was a thought-provoking presentation and conversation on digital protection of the press and at-risk individuals. In Adventures in Securing At-Risk People, Runa Sandvik and Elodie Vialle talked about their passion for helping journalists do their work securely.

Runa Sandvik, founder of Granitt, has been working on cybersecurity for reporters and at-risk people for over a decade.“ Her approach to protecting journalists involves figuring out their familiarity and comfort level with technology before mapping cybersecurity solutions to their situation and risk profile. She pursues the right balance between security and usability for each project, story, trip, and office. Journalists often have to take inherently risky actions to engage with the public. Finding ways to make these actions secure is what draws Sandvik to her work.

Journalism is inherently risky work, both online and offline. Journalists are physically assaulted, detained, arrested, in some cases killed, they’re targeted with spyware and private spies. These are things that we hear about every single day,” shared Sandvik.

Elodie Vialle, Fellow at the Institute for Rebooting Social Media at the Berkman Klein Center for Internet & Society at Harvard University, appreciates Sandvik’s holistic approach to journalistic safety and all she has done to set international standards for cybersecurity in newsrooms. Vialle’s own work has been focused on online harassment of journalists — she sees the emotional impact on her colleagues and recognizes the vital importance of staying safe in hostile environments. According to Vialle, there are many cases of journalists being attacked online, and who are traumatized and refrain from covering certain stories. “People tell us, you just have to disconnect from social media. Don't use Facebook, don't use Twitter, okay? But we cannot do that.”

Sandvik and Vialle agree that the cybersecurity issues at-risk people face today are complex and require safety teams representing broad perspectives. Vialle points out that security advisers and trainers who reflect the diversity of our society and of the newsrooms would bring more legitimacy to cybersecurity programs. When asked by an audience member how tech corporations can address at scale highly individualized journalistic protections, Sandvik and Vialle were ready with ideas. “Volunteer within your working hours.”, suggests Sandvik." Vialle adds, “Be more inclusive — include civil society folks and journalists on red teams before launching any new products. This will be a way to build a safer Internet. And this will be a way to better support marginalized communities.”

The feedback on this year’s SUMIT keynote event has been overwhelmingly positive. Rachael Wojciechowski from ITS Communications said, “Great SUMIT keynote this year! Not super technical or difficult to understand. An engaging discussion that I could follow even while helping with live-tweeting the event."

Visit SUMIT Keynote: Adventures in Security at Risk People to watch the recorded session, review the presentation slide deck, and access resources mentioned during the event.

Privacy policies can be perplexing! You might have come across them in the footer of websites or in pop-up messages from applications you use on your devices - privacy policies and notices are ubiquitous in the digital world. According to a 2019 Pew Research report, most Americans are asked to agree to a privacy policy at least monthly, yet more than a third of adults say they never read the policy before agreeing to it. Of those who say they read privacy policies, only 13% do so all the way through.

These statistics are not surprising. In recent years, privacy laws like the EU General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA) have led to the proliferation of links and pop-ups that aim to explain how companies collect, use, and protect personal data. This is important information that can help consumers decide whether they should share their personal data with a service provider. Does your language learning program need to know your precise location? Is it reasonable for an app to keep collecting information about you in the background long after you have closed it? Does your social media platform share your information with partner companies?

Unfortunately, many privacy notices are written with the goal of satisfying legal requirements. It's not surprising that so many people find them long, confusing, and hard to read. ITS Information Assurance (IA) is here to assist you in navigating these sometimes difficult documents and get answers to your questions.

The new How To Read Privacy Notices page on the Safe Computing website helps explain what you should expect and look for in privacy notices. It also highlights potential red flags, such as overcollection or oversharing of personal information. We hope this resource will help you make better informed decisions about whether to trust a particular website, service, or application with your personal details.

For more privacy information and resources, visit the Privacy section of the Safe Computing website and check out the Protect and Respect Privacy curriculum.