Handling Sensitive Information
The University of Toledo is responsible for collecting, storing, and distributing
very large amounts of information. Some of this information is federally legislated
as private and must be protected in accordance with laws such as the Family Educational
Rights and Privacy Act (FERPA) of 1974 (for student records), the Gramm-Leach-Bliley
Act (GLBA) of 1999 (for personal financial information), and the Health Insurance
Portability and Accountability Act (HIPAA) of 1996 (for personally identifiable health
information). In accordance with the Responsible Use of Information Technology Policy, all of
us--faculty members, custodians, administrative assistants, secretaries, computer support
staff--have a responsibility to protect information about our patients and students
from public disclosure. It doesn't matter whether this information is on the network
computer, on a printout, a computer screen, a diskette, a CD-ROM, etc.
Information that is classified as “sensitive” must be protected and cannot be disclosed or disseminated to the public (people who are not employees of the university). Much of the information about our patients and students is considered sensitive.
All employees and users of network computing resources at UT have a role in protecting the University's information assets because their machines provide potential gateways to sensitive information stored on the network. Therefore, whether or not you deal directly with sensitive or confidential University information, you should take the following steps to reduce risk to UT’s information assets.
Examples of sensitive information include, but are not limited to:
- Social Security Number
- Birthdate
- Home Phone Number
- Home Address
- Health Information
- Student Grades
- Gender
- Citizenship
- Ethnicity
- Citizen Visa Code
- Veteran Disability Status
- Courses Taken
- Schedule
- Test Scores
- Advising Records
- Educational Services Received
- Disciplinary Actions
- Patient Records