Sensitive and Non Public Information Policy

• Credit Card Information: credit card number (in part or whole), expiration date, cardholder name and/or address and security code
• Tax Identification Numbers: social security number, insurance card number and business/employer identification number
• Payroll Information: paychecks, pay stubs and pay rates
• Cafeteria plan check requests and associated paperwork
• Medical information for any employees or customers including but not limited to: doctor names and claims, insurance claims, prescriptions and any related personal medical information
• Other personal information belonging to customers, employees and contractors: Examples include name, date of birth, address, phone number, maiden name and customer name.

2. University Information

• Employee, customer, vendor, supplier confidential information, proprietary information or trade secrets.
• Proprietary and/or confidential information, among other things, includes: business methods, customer utilization information, retention information, sales information, marketing and other University strategy, computer codes, screens, forms, information about or received from, University’s current, former and prospective students, sales associates or suppliers or any other non-public information. Proprietary and/or confidential information also includes the name and identity of any customer or vendor and the specifics of any relationship between and among them and the University.

• File cabinets, desk drawers, overhead cabinets, and any other storage space containing documents with sensitive information will be locked when not in use.
• Storage rooms containing documents with sensitive information and record retention areas will be locked at the end of each workday.
• Desks, workstations, work areas, printers and fax machines, and common shared work areas will be cleared of all documents containing sensitive information when not in use.
• Whiteboards, dry-erase boards, writing tablets, etc. in common shared work areas will be erased, removed, or shredded when not in use.
• When documents containing sensitive information are discarded they should be immediately shredded using a mechanical shredder.

• Any sensitive information submitted internally is encrypted and may be transmitted using approved company e-mail.
• Any sensitive information submitted externally by e-mail may be transmitted using approved company e-mail and should contain a statement such as:

The University’s personnel are encouraged to use common sense judgement in securing the University’s Confidential Information to the proper extent. If an employee is uncertain of the sensitivity of a particular piece of information, the employee should contact their supervisor, manager and/or the Security Information Officer.

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.