All user information that is protected under local, state and federal law is confidential and is to be stored in a secure manner. Information not protected by law is sensitive and shared accordingly. Confidential information is only shared between and disseminated to others in the necessary performance of job duties. When required to support the investigation of prohibited activity, such information may be shared with the appropriate people to help further such an investigation.
Information will also be disclosed to relevant parties in order to fulfill any requirements pursuant to a subpoena issued for such a purpose under the direction of the Chief Information Officer (CIO), any Principal Administrator or the President.
Such sharing will be limited to only those people whose efforts are required, and such personnel shall respect the sensitive, confidential nature of such an investigation and the information and individuals involved.
All sensitive information, data, and/or files containing sensitive data must be stored in an ITS approved secure location, which includes but is not limited to:
- Shared drive
- Secure database
- Encrypted media
- PSU server-side e-mail
Such information shall only be shared between and released to authorized parties with a need to know and as necessary to execute job-related duties. Students exercising their rights pursuant to the PSU Student Handbook shall be considered authorized parties.
Sensitive data includes but is not limited to:
- Personal Identifying Information
- Name in combination with date of birth and/or social security number or other information that can be used to identify an individual.
- Security-related information (including but not limited to card validation codes/values, full magnetic-stripe data, PINs, and PIN blocks) used to authenticate cardholders and/or authorize payment card transactions.
- Any data protected by local, state and/or federal law, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Family Educational Rights and Privacy Act of 1974 (FERPA), the Graham-Leach-Bliley Act of 1999 (GLB).
- Confidential academic information such as student performance and/or research on human participants.
- Confidential administrative information such as Human Resources and/or financial records.
Students may refer to the PSU Student Handbook chapter on Rights of Students for more information.