Confidentiality of Sensitive Data
Are we exercising our responsibility to protect sensitive
data under our control?
Departments, as well as individual faculty and staff, maintain
a variety of data files to conduct business. The federal government
and grant agencies have designated certain data to be sensitive,
requiring protection against unavailability, unauthorized
access, or disclosure. Sensitive data typically refers to
data about individuals requiring protection under the Federal
Family Educational Rights and Privacy Act, Health Insurance
Portability and Accountability Act, or other federal or state
regulations.
These questions can help you determine if your department
needs to protect sensitive data:
- Are all locations of automated and manual sensitive data
records in the department known?
- Is access to sensitive data under the department's control
restricted?
- Have faculty conducting research determined if the data
they collect should be classified as sensitive?
- Do faculty and staff who administer sensitive data understand
and follow appropriate federal, state, grant agency, or
university regulations for protecting and backing up the
data?
- Are student workers given access to confidential teaching
or administrative data? If so, is their use of such data
monitored closely?
- Is the unencrypted transmission of sensitive data or memos
through e-mail discouraged?
An answer of "no" to any of the above questions
indicates a risk for which remedial steps should be considered.
Helpful University information on this topic can be found
at the following websites:
- Privacy of Academic Records
- Administrative Data Policy
- Statement on Privacy of, Access to, and Retention of Computer
Files
- Policy on Personnel Records Disclosure
- University Copyright/Privacy Statement