ÈËÆÞÓÕ»ó

Help Desk

Information Technology

Identifying Electronic Confidential Data

Data that are stored or transmitted electronically are considered confidential if their unauthorized release can result in harm to the institution or to individuals.  Such harm may include identity theft, legal or financial liability, institutional or personal embarrassment, as well as other consequences.  It is the responsibility of all employees of ÈËÆÞÓÕ»ó College and others who are empowered to act on behalf of the College to protect confidential data from unauthorized access and/or misuse.

The following guidelines are intended to help you identify data items that should be treated as confidential.  However, the lists below are not exhaustive and there are confidential data items that fall outside of these guidelines.  If you are uncertain about the confidentiality status of a particular data item, please consult with your supervisor or the Chief Technology Officer.

Identity Theft Material

Identity theft is the fraudulent use of another's personal information for financial gain or to perpetrate other illicit activity.  Unauthorized access to materials that can be used for identity theft can expose individuals to harm and, in certain cases, expose the institution to financial liability, public relations challenges, and other types of problems.  This applies to all employees, students, alumni, donors, parents, board members, vendors, and others –– whether they are current, former, or prospective –– whose personal data is electronically stored or transmitted by the College.  In conjunction with an individual's name, data related to identity theft include:

  • Date of birth
  • Social Security Number
  • Driver's license/passport/ID numbers
  • Credit card numbers, expiration dates, PINs
  • Account numbers (banks, brokerages, utilities, etc.)
  • Passwords for accounts, databases, and other resources

These items can be found in documents such as tax returns, admissions applications, credit, loan and other types of applications, housing agreements, employment records, student records, financial correspondence, etc.

For more information about ID theft see

 

Employee Information

In addition to material that can be used in identity theft, other personal data items that are to be treated as confidential include:

  • Compensation and promotion information
  • Benefits information
  • Performance reviews, disciplinary materials, and related documents
  • Worker's compensation, disability claims, or other medical information


Information on records marked confidential
Donor Information

  • Activities/events attended
  • Children/family information
  • Contact reports
  • Correspondence history
  • Gift/Pledge data

If you are authorized to handle donor information, see the College Relations Security Policy at /cris/CR_IS/Documentation/Policy_CRIS_RecordRelease200612.pdf.

Student Information

The Family Educational Rights and Privacy Act, FERPA, gives students four specific rights:

  • to see the records that the institution is keeping on the student;
  • to seek amendment to those records and in certain cases to append a statement to a record;
  • to consent to disclosure of his/her records;
  • to file a complaint with the FERPA Office in Washington.

For answers to some common questions about FERPA see .

For information about ÈËÆÞÓÕ»ó's FERPA policies, see
/academic/gbook/comm_pol/disclosure.html

Under FERPA the following data items may be not be disclosed unless appropriately authorized:

  • Grades
  • Financial aid information
  • Credit Card Numbers
  • Bank Account Numbers
  • Wire Transfer information
  • Payment History
  • Student Tuition Bills

In addition, students have the right to restrict disclosure of the following items:

  • Name
  • Date of birth
  • Place of birth
  • Campus address and phone number
  • Campus mailbox number
  • Electronic mail address
  • Permanent mailing address
  • Permanent phone number
  • Secondary mailing address
  • Semesters of registration at ÈËÆÞÓÕ»ó
  • Full or part-time status
  • ÈËÆÞÓÕ»ó major, degree(s) awarded and date(s)
  • Institution attended prior to ÈËÆÞÓÕ»ó
  • Honors awarded
  • Participation in ÈËÆÞÓÕ»ó College programs
  • ID card photographs

Under Health Insurance Portability and Accountability Act, HIPAA, the following data may be not be disclosed unless appropriately authorized:

  • Patient Name
  • Street address, city, county, zip codeBirth date (except year)
  • Location or dates of treatment
  • Contact information: phone, fax, email, etc.
  • Social security number
  • Account/Medical record numbers
  • Health plan beneficiary numbers
  • Certificate/license numbers
  • Vehicle ID's & serial numbers
  • Device ID's & serial numbers
  • Full face images
  • Any other unique identifying number, characteristic, or code
  • Payment guarantor's information

For answers to commonly asked questions about HIPPA see the HHS website:

 

Other Information

Other data items whose unauthorized use could directly or indirectly harm the institution or individuals include:

  • Class rosters
  • Academic records and notes
  • Human subject data
  • Materials related to internal or external investigations
  • Legal documents and records
  • Financial records, grants, and contracts
  • Campus security plans and procedures
  • Storage sites for confidential data
  • Email containing sensitive information
  • Meetings minutes, memos, notes, emails, and other materials related to sensitive topics such as personnel matters, student behavior, etc.

back to top