It is the responsibility of SUNY Oneonta and its contractors and vendors to protect the confidentiality of sensitive information, which is critical to the security and image of the campus.
A leak of sensitive information could result in damage to our students and employees as well as legal proceedings, fines or state and/or federal investigations against the college. A breach of confidentiality would seriously damage the reputation of the college.
Applicability of the Policy
This policy applies to all SUNY Oneonta faculty, staff, students and contractors and vendors affiliated or associated with the college in any way.
Information has value to its owners and the college must appropriately safeguard against loss or exposure any sensitive information collected, stored and produced by our employees and students in their work and study. We must comply with applicable State, Federal and industry regulations and SUNY Oneonta’s IT Security Program regarding the confidentiality of data. Employees, students, vendors, contractors, and others may have access to sensitive information or computer and network privileges granted by virtue of their association with the college. It is essential that everyone associated with the college understands their responsibilities toward information confidentiality and the steps they must take to preserve it.
Sensitive Information ‐ Any information that if leaked would cause loss of reputation for the college or damage to an individual. ex: SSN's, credit card information, non‐public information.
- All SUNY Oneonta employees will be trained in the proper handling of sensitive information upon employment. Training will be renewed periodically.
- Students will be educated of their responsibilities regarding data confidentiality through various means such as flyers, posters, email notices, etc.
- Vendors will sign the State University of New York College at Oneonta Confidentiality Agreement before obtaining access to sensitive college information.
Questions related to the daily operational interpretation of this policy should be directed to:
IT Security Administrator
Related Documents / Policies
Family Educational Rights and Privacy Act of 1974
Gramm‐Leach‐Bliley Act (P.L. 106‐102)
Federal Trade Commission's Safeguards Rule (16 CFR Part 314)
FTC's Red Flags Rules
New York State Information Security Breach and Notification Act
Approved by the President on October 27, 2009