Confidentiality Policy

Approved by the President
October 27, 2009

Policy Contact
IT Security Administrator
607‐463‐2628
itsecurity@oneonta.edu

Policy Statement

It is the responsibility of SUNY Oneonta and its contractors and vendors to protect the confidentiality of sensitive information, which is critical to the security and image of the campus.

Rationale

A leak of sensitive information could result in damage to our students and employees as well as legal proceedings, fines or state and/or federal investigations against SUNY Oneonta. A breach of confidentiality would seriously damage the reputation of the institution.

Applicability of the Policy

This policy applies to all SUNY Oneonta faculty, staff, students and contractors and vendors affiliated or associated with the institution in any way.

Policy Elaboration

Information has value to its owners and SUNY Oneonta must appropriately safeguard against loss or exposure any sensitive information collected, stored and produced by our employees and students in their work and study. We must comply with applicable State, Federal and industry regulations and SUNY Oneonta’s IT Security Program regarding the confidentiality of data. Employees, students, vendors, contractors, and others may have access to sensitive information or computer and network privileges granted by virtue of their association with SUNY Oneonta. It is essential that everyone associated with SUNY Oneonta understands their responsibilities toward information confidentiality and the steps they must take to preserve it.

Definitions

Sensitive Information ‐ Any information that if leaked would cause loss of reputation for the institution or damage to an individual. ex: SSN's, credit card information, non‐public information.

Procedures

  1. All SUNY Oneonta employees will be trained in the proper handling of sensitive information upon employment. Training will be renewed periodically.
  2. Students will be educated of their responsibilities regarding data confidentiality through various means such as flyers, posters, email notices, etc.
  3. Vendors will sign the State University of New York at Oneonta Confidentiality Agreement before obtaining access to sensitive institution information.

Forms

State University of New York at Oneonta Confidentiality Agreement

Related Documents / Policies

SUNY Oneonta Information Technology Program

Family Educational Rights and Privacy Act of 1974

Gramm‐Leach‐Bliley Act (P.L. 106‐102)

Federal Trade Commission's Safeguards Rule (16 CFR Part 314)

FTC's Red Flags Rules

New York State Information Security Breach and Notification Act

Back to top