Confidential Information FAQ
Q: What are my responsibilities for confidential information at work?
A: Each of us legally and ethically has a responsibility to shield confidential or protected information from deliberate or accidental disclosure whether it’s in paper or electronic form. This information can include but is not limited to any protected under a federal or state statute and includes but is not limited to Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPPA), and Colorado HB 03-1175 protected data. In addition credit card numbers, expiration dates and Card Verification Values (CVV) are also considered protected data. A good rule of thumb is: If it’s information that you would want protected such as your social security number or credit card information, then protect it.
Q: What steps can I take to protect confidential information?
A: As a reader/receiver of information:
- Make sure you know the type of the information at hand.
- You may have been given explicit access to information that has a higher sensitivity such as personally identifiable information.
- Securely store protected data using Windows Rights Management (WRM) or other encryption products approved by Information Technology.
- If in doubt, contact the author/owner of the information or his/her department.
As the author/owner of information:
- Assess the risk for your functional area and the university if the information were to be compromised or leaked.
- Protect the information accordingly.
As either the reader/receiver or author/owner of information:
- Use effective passwords and use them effectively.
- Lock your computer when you’re away from it.
Q: Where can I find more information about protecting confidential information?
A: For additional information about information security, go to the IT Web site or call the Technical Support Center at 351- 4357.