Defines the data management environment and assigned roles and responsibilities for protecting UB's non-public information from unauthorized access, disclosure, or misuse.