To ensure the privacy of University employee, student, and institutional information, I will:
- Access, distribute and share institutional data only as needed to conduct University business. This includes all production and nonproduction data, e.g. test program output, failed production runs, etc.
- Respect the confidentiality and privacy of individuals whose records or data I access.
- Protect my security authorizations (user IDs and passwords) and be personally accountable for all work performed under my security authorization.
- Protect confidential information displayed on my device screen(s).
- Ensure that institutional data I store on my device, networked or non-networked hardware is protected and backed up as needed.
- Report knowledge of security breaches.
- Comply with all departmental and University policies and procedures pertaining to this institutional data.
- Abide by any applicable state or federal laws with respect to access, use or disclosure of information.
- Comply with all University security policies with respect to releasing personal, identifiable student record information or files with respect to the Federal Educational Rights and Privacy Act (FERPA).
- Comply with all University security policies with respect to releasing personal, identifiable record information or files with respect to the Personal Identifiable Information Privacy Act.
I will not:
- Discuss verbally or distribute in electronic or printed formats confidential institutional data except as needed to conduct University business as specified in my position description.
- Knowingly falsely identify myself.
- Gain or attempt to gain unauthorized access to institutional data or University computing systems.
- Share my userIDs and passwords with anyone.
- Allow for unsecured access for unauthorize individuals or systems while logged into University computing systems.
- Use or knowingly allow other people to use information resources for personal gain.
- Destroy, damage or alter any University information resources or property without proper authorization.
- Make unauthorized copies of institutional data or applications.
- Engage in any activity that could compromise the security or stability of information resources and institutional data.
My signature on an LDAP Directory Access Request form means that I have read and will comply with the provisions for security and confidentiality of institutional data, including employee and student information and files as described below and in University policy. My signature also certifies that I have legitimate business interest in the records and data that I am requesting access to and that I understand that I can be disciplined in accordance with University policy if I am found to be in violation of this agreement.
If I am requesting student information my signature certifies that I have read, understand, and will comply with the Family Educational Rights and Privacy Act (FERPA).
If I am requesting institutional information, my signature certifies that I understand institutional data consists of, among other information, emplID, name, email addresses and WIN numbers. Go to the data classification policy.