Confidentiality Policy

Confidentiality Policy

Policy Statement

It is the responsibility of SUNY Oneonta and its contractors and vendors to protect the confidentiality of sensitive information, which is critical to the security and image of the campus.

Rationale

A leak of sensitive information could result in damage to our students and employees as well as legal proceedings, fines or state and/or federal investigations against the College. A breach of confidentiality would seriously damage the reputation of the College.

Applicability of the Policy

This policy applies to all SUNY Oneonta faculty, staff, students and contractors and vendors affiliated or associated with the College in any way.

Policy Elaboration

Information has value to its owners and the College must appropriately safeguard against loss or exposure any sensitive information collected, stored and produced by our employees and students in their work and study. We must comply with applicable State, Federal and industry regulations and SUNY Oneonta’s IT Security Program regarding the confidentiality of data. Employees, students, vendors, contractors and others may have access to sensitive information or computer and network privileges granted by virtue of their association with the College. It is essential that everyone associated with the College understands their responsibilities toward information confidentiality and the steps they must take to preserve it.

Definitions

Sensitive Information ‐ Any information that if leaked would cause loss of reputation for the college or damage to an individual. ex: SSN's, credit card information, non‐public information.

Procedures

1) All SUNY Oneonta employees will be trained in proper handling of sensitive information upon employment. Training will be renewed periodically.

2) Students will be educated of their responsibilities regarding data confidentiality through various means such as flyers, posters, email notices, etc.

3) Vendors will sign the State University of New York College at Oneonta Confidentiality Agreement before obtaining access to sensitive College information.

Forms

State University of New York College at Oneonta Confidentiality Agreement (attached)

Contacts

Questions related to the daily operational interpretation of this policy should be directed to:

IT Security Administrator

607‐463‐2628

itsecurity@oneonta.edu

Related Documents / Policies

SUNY
 
Oneonta 
Information 
Technology 
Program


(http://www.oneonta.edu/technology/security/ITSP.asp)


Family Educational Rights and Privacy Act of 1974

Gramm‐Leach‐Bliley Act (P.L. 106‐102)

Federal Trade Commission's Safeguards Rule (16 CFR Part 314)

FTC's Red Flags Rules

New York State Information Security Breach and Notification Act

Effective Dates

• Approved by the President on October 27, 2009 SUNY Oneonta Confidentiality Agreement