Protection of Regulated Private Data

Updated September 17, 2019

The University at Buffalo is committed to protecting regulated private data in order to safeguard the privacy of community members.  The university has legal and ethical obligations to ensure that regulated private data in any form are secured in a manner that minimizes risk of unauthorized or inappropriate use or disclosure, and complies with all laws and regulations regarding regulated data including the New York State Information Security Breach and Notification Act.

Regulated private data include:

  • Bank credit/debit card numbers
  • Social Security Numbers
  • State-issued drivers’ license numbers and state-issued non-drivers’ identification numbers
  • Passwords and other computer access protection data
  • Protected health information

UB's Standards for Securing Regulated Private Data establishes the requirements for protecting these data in any form and on any device, including the hard drives of digital printers and copiers. 

Any university office that collects and maintains private and regulated data must ensure that the data are stored in a secure and confidential environment, eliminate use of the data for any purpose except that for which they were collected, and follow university guidelines for the disposal of records containing the data.

Any suspected or confirmed exposure of regulated private data or security breach of a system containing such protected data must be reported immediately to the information security officer. UB complies with the New York State Information Security Breach and Notification Act.

Information security is a daily priority at the university and we take protection of personal information very seriously.  An employee or student who has substantially breached the confidentiality of regulated protected private data will be subject to disciplinary action and/or sanctions up to and including discharge and dismissal in accordance with university policy and procedures.