Sensitive University Data

Whose data are you protecting?

Prospective Students                Prospective Employees
Current Students                      Current Employees
Past Students                           Past Employees
Alumni                                     Continuing Education Students

Do you fall into one of these categories?  If you do, then you're protecting your own data!

What information is sensitive?

Any data protected by FERPA, HIPPA, or any other legislated act. Here are some examples (this is not the entire list of data that is considered sensitive).

The Big Three
• Name
• Social Security Number
• Birth Date

Grades data
• Degree data
• Registration (including transcript data)
• All Financial Aid data

General Data
• Mother's maiden name
• Bank ISO and credit card numbers
• Addresses
• Health history
• Giving history

Employee Data
• Race
• Sex
• Veteran Status
• Disability
• Leave information
• Medical or health insurance
• Disciplinary information
• Performance evaluations

Sensitive Data Rules

Never:

  • Store Social Security Numbers, birth dates and/or credit card numbers on your computer
  • Store sensitive student or employee data, especially social security numbers and birth dates, on any department computers (servers, desktops, laptops), PDAs, CDs, or USB drives.
  • Email files containing sensitive data
  • Request Social Security Number and/or birth date on web forms unless authorized by a data custodian and transmitted on a secure web connection approved by the University Security Administrator
  • Assign students or student employees query or download ability to sensitive data files
  • Share your ID and password
  • Authorize your staff to access sensitive data unless it's absolutely required
  • Provide sensitive data to another staff member

Always:

  • Store sensitive data on the IS&T provided network server
  • Password protect files in those rare instances when they must be emailed (no Social Security Numbers and/or birth dates)
  • Become authorized and knowledgeable on how to obtain sensitive data from the system

Use the following chart as a quick guide for information storage:

Classification -on site- -on site- -cloud- -cloud- -cloud-
  Lanyard Vike OneDrive SharePoint Web
Sensitive
Private
Public