Sensitive Information Handling for Students
What is considered sensitive information that the University protects?
Here are the items the University considers to be data that should be protected:
- Social Security Number
- Bear Number
- HIPAA data
- Credit Card Information
Are there instances where this data does not need to be protected?
Yes. Sensitive information must be protected if it can be used to identify an individual. For example, a report that shows the ratios of various ethnicities of the students who attend UNC would not need to be protected since that data can’t be tied to any one student. However, if there was a name listed with ethnicity tied to it, that information would need to be protected. Some items, like Social Security Numbers, are always protected.
What data is UNC allowed to publish?
Unless the student has filled out a form with the Registrar’s Office stating that they do not want their information published, UNC is permitted to publish the following information about students:
- Address & Phone
- Email Address
- Enrollment Status
- Date of Birth
- Degrees Pursued
- Dates of Attendance
- Degree Conferred and Dates Conferred Participation in Recognized Sports
- Honors, Awards, Publications
- Physical Factors of Athletes
What do I do with printed documents containing sensitive information?
Lock them in a file cabinet or desk drawer when you still need them. Also be sure to lock the door to your home or office. When they are no longer needed, shred them or dispose of them in a shred bin. Shred bins are located throughout campus. They are a tall grey bin with a slot in the lid. If the bin is overflowing, please contact Facilities Management at (970) 351-2446 or the Technical Support Center at 351-HELP.
How would I store sensitive information electronically?
Sensitive data should never be stored beyond where it exists on the network. When the storage of that data is a business need it should be stored securely on UNC owned hardware and encrypted or rights protected.
How would I email sensitive information?
From OneDrive for Business, you can upload files or create a brand new one from within OneDrive for Business. Once it’s attached to your OneDrive for Business you can share it with people both on and off campus electronically.
How would I dispose of electronically stored sensitive information?
Sensitive information that is no longer needed that is contained on mobile phones, thumb drives, CDs, iPods, external disk drives, floppy disks, hard drives, etc. can be brought to the Carter Hall Data Center on the lower level for proper certified destruction.