Many of us deal with sensitive data every day as part of our job. Whether you’re a system administrator who maintains the systems that house the data, someone who processes the data, or a network administrator who maintains the equipment transmitting the information, each of us has a responsibility to safeguard sensitive data against unauthorized disclosure.
Collection, storage and/or transmission of regulated private data must be approved by UB's Information Security Office.
Regulated private data includes:
Personally Identifiable Information (PII) is data that can be used to identify a person and either locate and contact them, or steal their identity.
Personally Identifiable Information (PII) includes:
Student Education Record Data consists of any student academic information beyond normal directory information (student’s name, address, telephone number, date and place of birth, honors and awards, and dates of attendance). However, students can request that their directory information not be disclosed. It’s important to verify whether or not the student has opted out of disclosure before giving out any of that information!
UB's data is also governed by more specialized regulations, such as HIPAA (Health Insurance Portability and Accountability Act), PCI DSS (Payment Card Industry Data Security Standard) and GLBA (Gramm–Leach–Bliley Act). However, these are isolated to specific business units or decanal areas and don’t apply to the general University population.
For more information on protecting regulated private data, see the UB Standards for Securing Regulated Private Data. For more information on protected student data, take a look at the Department of Education’s FERPA overview.