101.1 - Confidentiality Policy

University Group Policy #101.1

Policy Statement

Winston-Salem State University (WSSU) is the owner of all information captured using university resources and assets and is responsible for securing confidential information. This policy governs all information acquired during the course of employment or service to the University that is not otherwise subject to public disclosure under North Carolina Law.

Employees, student workers, and affiliates have a duty to protect all confidential information acquired during the course of employment or service to WSSU.

Definitions

  • University Employee: a person employed to perform duties or services for the University.
  • Affiliate: an individual or entity not directly employed by the University, but is granted access to confidential information for the purpose of performing services for the University. An “affiliate” may be paid or unpaid.
  • Confidential Information: includes, but is not limited to: any personally-identifiable student and parent records, financial records (including social security and credit card numbers), health records; contracts, research data; alumni and donor records; personnel records other than an individual’s own personnel record; University financial data; computer passwords, University proprietary information/data; and any other information for which access, use, or disclosure is not authorized by: 1) federal, state, or local law; or 2) University policy operations.

Guidelines

Each employee, consultant, student, or person granted access to data and information holds a position of trust and must preserve the security and confidentiality of the information he/she uses. Users of University data and information are required to abide by all applicable Federal and State guidelines and University policies regarding confidentiality of data. All users of University data and information must read and understand Information Technology's policies and understand how these policies apply to their respective job functions.

Any employee or person with authorized access to WSSU’s computer resources, information system, records or files shall use the data or files solely for University business.

The following principles shall govern confidentiality at Winston-Salem State University.

  1. Documents and files (both electronic and hard copy) containing confidential information are to be accessed, used, and disclosed only with explicit authorization and only on a need-to-know basis for either an employee’s job function or an affiliate’s service.
  2. University resources must not be used to obtain, store or transmit confidential information regarding any individual or entity without University authorization.
  3. Confidential information regarding any individual or entity acquired during the course of employment at, or providing services to, the University must never be divulged to anyone outside of the University without authorization or to anyone within the University without the need-to-know.
  4. Based on record retention requirements, documents and files containing information must be disposed of in a way that ensures that the information is no longer recognizable or retrievable.
  5. All employees, student workers, and affiliates have a duty to use available physical, technological, and administrative safeguards, in accordance with University policies and procedures, to protect the security of all confidential information regardless of form or medium.
  6. Upon conclusion of an employee’s employment of a student worker’s or affiliate’s service, or upon request of a supervisor: Employees, student workers, and affiliates will return originals and copies of documents and files (whether electronic or hardcopy) containing confidential information to the University and relinquish all further access to and use of such information.
  7. Based on record retention requirements, documents and files containing information must be disposed of in a way that ensures that the information is no longer recognizable or retrievable.
  8. All University employees must sign a WSSU Confidentiality Agreement as a condition of employment. An individual department may require its employees and affiliates to sign a department specific confidentiality agreement as a condition of working for or providing services to that department.

Roles and Responsibilities

The Office of the Vice Chancellor of Finance and Administration is responsible for the development and maintenance of procedures to implement this policy. University departments may develop and implement confidentiality policies tailored and detailed for their specific areas so long as those policies comply with the University’s Confidentiality Policy.

Applicability

This policy applies to all full and part-time faculty and staff University employees, student workers, and affiliates.

Compliance

Violation of this policy by:

  1. A University employee or student worker will result in disciplinary action up to and including termination of employment. Student workers may also face disciplinary action under the Student Code of Conduct.
  2. An affiliate will have access to confidential information terminated and the working arrangement and/or contractual agreement will also be terminated immediately.
  3. A University employee or affiliate may be subject to criminal or civil prosecution under federal or state statutes.

Responsible Division: Finance and Administration

Authority: Board of Trustees

History:

  • Adopted March 18, 2011