Sensitive Information Handling for Students
- What is considered sensitive information that the University protects?
Though there are specific things the University considers sensitive (PDID, PII, etc.), always consider if this was your information, would you want it public or protected? Here are the items the University considers to be data that should be protected:
- Social Security Number
- Bear Number
- Race
- Ethnicity
- Nationality
- Gender
- HIPPA data
- Credit Card Information
- Grades
- Are there instances where this data does not need to be protected?
Yes. Sensitive information must be protected if it can be used to identify an individual. For example, a report that shows the ratios of various ethnicities of the students who attend Â鶹´«Ã½ would not need to be protected since that data can’t be tied to any one student. However, if there was a name listed with ethnicity tied to it that would need to be protected. Items like Social Security Number are always protected.
- What data are we allowed to publish?
Unless the student has filled out a with the Registrar’s Office stating that they do not want their information published, we are allowed to publish the following information about students:
- Name
- Address & Phone
- Email Address
- Enrollment Status
- Date of Birth
- Degrees Pursued
- Dates of Attendance
- Major
- Classification
- Degree Conferred and Dates Conferred Participation in Recognized Sports
- Honors, Awards, Publications
- Physical Factors of Athletes
- What do I do with printed documents containing sensitive information?
Lock them in a file cabinet or desk drawer when you still need them. Also be sure to lock the door to your home or office. When they are no longer needed, shred them or dispose of them in a shred bin. Shred bins are located throughout campus. They are a tall grey bin with a slot in the lid. If the bin is overflowing, please contact Facilities Management at (970) 351-2446 or the Technical Support Center at 351-HELP.
- How would I store sensitive information electronically?
Sensitive data should never be stored beyond where it exists on the network. When the storage of that data is a business need it should be stored securely on Â鶹´«Ã½ owned hardware and encrypted or rights protected.
- How would I email sensitive information?
From OneDrive for Business, you can upload files or create a brand new one from within OneDrive for Business. Once it’s attached to your OneDrive for Business you can share it with people both on and off campus electronically.
- How would I dispose of electronically stored sensitive information?
Sensitive information that is no longer needed that is contained on mobile phones, thumb drives, CDs, iPods, external disk drives, floppy disks, hard drives, etc. can be brought to the Carter Hall Data Center on the lower level for proper certified destruction.