
Difference between revisions of "Statement of Confidentiality"

From Appalachian State University Policy Manual

(7 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Policy 902
+
Policy 909
 
== Introduction ==
 
== Introduction ==
You may copy this page's source to start a new policy page. Be sure to remove or overwrite the examples. Second level headings should NOT be altered.
 
  
 
== Scope ==
 
== Scope ==
Line 8: Line 7:
 
== Definitions  ==
 
== Definitions  ==
  
=== Definition phrase or word ===
+
== Policy and Procedure Statements  ==
: Definition summary
+
=== Statement of Confidentiality ===
 +
4.1.1 Below is the Statement of Confidentiality used by Appalachian State University.
  
 +
Appalachian State University maintains strict confidentiality requirements and regulations in compliance with the Gramm-Leach-Bliley Act (GLBA), Family Educational Rights and Privacy Act of 1974 as amended (FERPA), and the Health Insurance Portability and Accountability Act (HIPPA) in addition to other federal and state laws. These laws pertain to the security and privacy of all non-public information that may be considered “confidential” or “sensitive” including student information, employee information, and general University information whether it is in hard copy or electronic form.
  
== Policy and Procedure Statements  ==
+
#Computer Systems - Computer systems includes any microcomputer (stand-alone or networked), workstation, mini-computer or mainframe computer used on this campus or accessible by way of networks, at other locations.
 +
#Computer Networks - Computer networks includes any local or wide area communications systems connecting computer systems as defined above.
 +
#Local Area Networking Media - Local area networking media may consist of copper wire, fiber optic cable, thin or thick wire cable which is used to connect one terminal, microcomputer, workstation etc. to another or to network interface equipment.
 +
#Internet - A vast international computer network of many component networks. It contains the ability for electronic mail (e-mail), network news, file and image transfer and information browsing.
 +
#World Wide Web - (WWW) The more graphical based component of the internet that encompasses many thousands of text, graphic, audio and video files interlinked throughout the world.
  
=== Example policy 1 ===
+
“Confidential” information is information that either is exempt from disclosure under one of the exceptions to North Carolina's Public Records Act or is prohibited from disclosure by some other statute. Such “confidential” information includes: Personnel file information, Student education records (other than directory information), Social security or employer taxpayer identification numbers; Drivers license, State identification card, or passport numbers; Checking account numbers; Savings account numbers; Credit card numbers; Debit card numbers; Personal Identification (PIN) Code; Digital signatures; Any other numbers or information that can be used to access a person's financial resources; Biometric data; Fingerprints; and Passwords. Disclosure of confidential information is unlawful.
  
 +
“Sensitive” information is information that may be contained in a “public” record within the meaning of the Public Records Act, but is information that the person or entity who is the subject of the information would likely prefer not be made public unless such disclosure is required by law (e.g., in response to a request for such information under the Public Records Act). It is the policy of Appalachian State University to avoid disclosure of sensitive information except as required by law.
  
=== Example policy 2 ===
+
I understand that, in the course of my work or other university activities, I may have access to such confidential or sensitive or privileged information. As a user of the University's systems, I am expected to use my best efforts to protect against unauthorized access to, or disclosure of, such information, and to report any conduct or other facts that might result in unauthorized access to, or disclosure of such information. I shall not release or disclose such information to any unauthorized person, who does not have a legitimate business/educational need to know.
  
 +
I understand that Appalachian State University defines UNAUTHORIZED ACCESS to be:
 +
#Access to confidential or sensitive information for which I do not have signed authorization or is necessary to carry out my job responsibilities.
 +
#Release of confidential or sensitive information to unauthorized internal or external persons.
 +
#Release of more confidential or sensitive information to an authorized individual/agency than is essential for meeting the stated purpose of an approved request.
 +
#Disclosure of my system username, password, or access codes to an unauthorized individual, creating a risk of unauthorized access to confidential or sensitive information.
 +
 +
Furthermore, I understand that confidential or sensitive information may not be divulged, copied, released, sold, loaned, reviewed, altered or destroyed except as properly authorized within the scope of applicable federal or state laws. I understand that I will be held responsible for the misuse or wrongful disclosure of confidential information and/or for my failure to safeguard my system username, password or access codes to confidential information, and I further acknowledge responsibility for all activities undertaken using my system username, password or access codes.
 +
 +
I acknowledge that in the course of my work or other University activities I may have access to documents, data, or other information, some or all of which may be confidential, and/or sensitive, and /or privileged whether or not labeled or identified as “confidential,” sensitive,” or “privileged.”
 +
 +
Except as required by my employment or other University activities, I shall not directly or indirectly use, publish, disseminate or otherwise disclose to any third party, or use for personal gain any information acquired in the course of my activities without the prior written consent of Appalachian State University.
 +
 +
I have read, understand and agree to comply and follow the above guidelines. I understand that failure to do so may subject me to loss of access to the University's databases and/or other university systems, and/or may subject me to disciplinary measures as outlined in the University's policies and procedures which may include suspension or termination of employment.
  
 
== Additional References ==
 
== Additional References ==
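Review bot: In the added paragraph beginning "Appalachian State University maintains strict confidentiality requirements", the statute abbreviation is written "HIPPA"; the Health Insurance Portability and Accountability Act is abbreviated HIPAA. In the added paragraph beginning "I acknowledge that in the course of my work", the word sensitive,” is missing its opening quotation mark and "and /or" has a stray space. The five numbered definitions (Computer Systems through World Wide Web) are added in the middle of the Statement of Confidentiality, while the template entry under the Definitions heading is removed and nothing replaces it; moving the list under Definitions would keep the statement text contiguous. The template headings "Example policy 1" and "Example policy 2" also appear to be removed here, which is worth confirming in the rendered page.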
Line 28: Line 47:
  
  
== Effective Date ==
+
== Original Effective Date ==
  
 
== Revision Dates ==
 
== Revision Dates ==
 +
:November 5, 2021 - previously policy 910
 +
 +
[[Category:Contents]]
 +
[[Category:Information Technology]]
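Review bot: The added revision note "November 5, 2021 - previously policy 910" does not match the number change at the top of this diff, which replaces "Policy 902" with "Policy 909"; since the intermediate revisions are not shown, confirm which earlier number the note should cite. The heading renamed to "Original Effective Date" is also left without a date beneath it.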

Revision as of 12:41, 5 November 2021

Policy 909

1 Introduction

2 Scope

3 Definitions

4 Policy and Procedure Statements

4.1 Statement of Confidentiality

4.1.1 Below is the Statement of Confidentiality used by Appalachian State University.

Appalachian State University maintains strict confidentiality requirements and regulations in compliance with the Gramm-Leach-Bliley Act (GLBA), Family Educational Rights and Privacy Act of 1974 as amended (FERPA), and the Health Insurance Portability and Accountability Act (HIPAA) in addition to other federal and state laws. These laws pertain to the security and privacy of all non-public information that may be considered “confidential” or “sensitive” including student information, employee information, and general University information whether it is in hard copy or electronic form.

  1. Computer Systems - Computer systems includes any microcomputer (stand-alone or networked), workstation, mini-computer or mainframe computer used on this campus or accessible by way of networks, at other locations.
  2. Computer Networks - Computer networks includes any local or wide area communications systems connecting computer systems as defined above.
  3. Local Area Networking Media - Local area networking media may consist of copper wire, fiber optic cable, thin or thick wire cable which is used to connect one terminal, microcomputer, workstation etc. to another or to network interface equipment.
  4. Internet - A vast international computer network of many component networks. It contains the ability for electronic mail (e-mail), network news, file and image transfer and information browsing.
  5. World Wide Web - (WWW) The more graphical based component of the internet that encompasses many thousands of text, graphic, audio and video files interlinked throughout the world.

“Confidential” information is information that either is exempt from disclosure under one of the exceptions to North Carolina's Public Records Act or is prohibited from disclosure by some other statute. Such “confidential” information includes: Personnel file information, Student education records (other than directory information), Social security or employer taxpayer identification numbers; Drivers license, State identification card, or passport numbers; Checking account numbers; Savings account numbers; Credit card numbers; Debit card numbers; Personal Identification (PIN) Code; Digital signatures; Any other numbers or information that can be used to access a person's financial resources; Biometric data; Fingerprints; and Passwords. Disclosure of confidential information is unlawful.

“Sensitive” information is information that may be contained in a “public” record within the meaning of the Public Records Act, but is information that the person or entity who is the subject of the information would likely prefer not be made public unless such disclosure is required by law (e.g., in response to a request for such information under the Public Records Act). It is the policy of Appalachian State University to avoid disclosure of sensitive information except as required by law.

I understand that, in the course of my work or other university activities, I may have access to such confidential or sensitive or privileged information. As a user of the University's systems, I am expected to use my best efforts to protect against unauthorized access to, or disclosure of, such information, and to report any conduct or other facts that might result in unauthorized access to, or disclosure of such information. I shall not release or disclose such information to any unauthorized person, who does not have a legitimate business/educational need to know.

I understand that Appalachian State University defines UNAUTHORIZED ACCESS to be:

  1. Access to confidential or sensitive information for which I do not have signed authorization or is necessary to carry out my job responsibilities.
  2. Release of confidential or sensitive information to unauthorized internal or external persons.
  3. Release of more confidential or sensitive information to an authorized individual/agency than is essential for meeting the stated purpose of an approved request.
  4. Disclosure of my system username, password, or access codes to an unauthorized individual, creating a risk of unauthorized access to confidential or sensitive information.

Furthermore, I understand that confidential or sensitive information may not be divulged, copied, released, sold, loaned, reviewed, altered or destroyed except as properly authorized within the scope of applicable federal or state laws. I understand that I will be held responsible for the misuse or wrongful disclosure of confidential information and/or for my failure to safeguard my system username, password or access codes to confidential information, and I further acknowledge responsibility for all activities undertaken using my system username, password or access codes.

I acknowledge that in the course of my work or other University activities I may have access to documents, data, or other information, some or all of which may be confidential, and/or sensitive, and/or privileged whether or not labeled or identified as “confidential,” “sensitive,” or “privileged.”

Except as required by my employment or other University activities, I shall not directly or indirectly use, publish, disseminate or otherwise disclose to any third party, or use for personal gain any information acquired in the course of my activities without the prior written consent of Appalachian State University.

I have read, understand and agree to comply and follow the above guidelines. I understand that failure to do so may subject me to loss of access to the University's databases and/or other university systems, and/or may subject me to disciplinary measures as outlined in the University's policies and procedures which may include suspension or termination of employment.

5 Additional References

6 Authority

7 Contact Information

8 Original Effective Date

9 Revision Dates

November 5, 2021 - previously policy 910