It is the responsibility of SUNY Oneonta and its contractors and vendors to protect the confidentiality of sensitive information, which is critical to the security and image of the campus.
A leak of sensitive information could result in damage to our students and employees as well as legal proceedings, fines or state and/or federal investigations against SUNY Oneonta. A breach of confidentiality would seriously damage the reputation of the institution.
Applicability of the Policy
This policy applies to all SUNY Oneonta faculty, staff, students and contractors and vendors affiliated or associated with the institution in any way.
Information has value to its owners and SUNY Oneonta must appropriately safeguard against loss or exposure any sensitive information collected, stored and produced by our employees and students in their work and study. We must comply with applicable State, Federal and industry regulations and SUNY Oneonta’s IT Security Program regarding the confidentiality of data. Employees, students, vendors, contractors, and others may have access to sensitive information or computer and network privileges granted by virtue of their association with SUNY Oneonta. It is essential that everyone associated with SUNY Oneonta understands their responsibilities toward information confidentiality and the steps they must take to preserve it.
Sensitive Information ‐ Any information that if leaked would cause loss of reputation for the institution or damage to an individual. ex: SSN's, credit card information, non‐public information.
- All SUNY Oneonta employees will be trained in the proper handling of sensitive information upon employment. Training will be renewed periodically.
- Students will be educated of their responsibilities regarding data confidentiality through various means such as flyers, posters, email notices, etc.
- Vendors will sign the State University of New York at Oneonta Confidentiality Agreement before obtaining access to sensitive institution information.
Related Documents / Policies
Family Educational Rights and Privacy Act of 1974
Gramm‐Leach‐Bliley Act (P.L. 106‐102)
Federal Trade Commission's Safeguards Rule (16 CFR Part 314)
FTC's Red Flags Rules
New York State Information Security Breach and Notification Act