Confidential Information Policy

Policy number 09-10
Responsible office Department of Human Resources
Enforcement official
Enforcement official
Chief Human Resources Officer
Classification Board of Trustees-delegated Policy
Category Employment: Faculty and Staff

Statement of policy

Western Michigan University is a public university and, as such, welcomes public accountability. In the course of their work, staff members have access to information about WMU operations. Some such information is legally, medically or personally privileged or confidential.  Discretion and the maintenance of confidentiality are expected of all employees.  The following policy governs the disclosure of confidential information held in any manner by employees of Western Michigan University.

Summary of contents/major changes

Moved from HR manual into policy template.  No substantive changes.

  1. Purpose of Policy

    The purpose of this Policy is to protect and safeguard individual and University information used throughout the University.

  2. Stakeholders Most Impacted by the Policy

    All employees

  3. Key Definitions

    1. Confidential Information includes, but is not limited to:

      1. Student educational information and discipline records;

      2. Non-public personal information concerning employees and students including, but not limited to, Western Identification Numbers, information system user IDs and passwords, social security numbers, internal communications, banking or financial information, medical and health information, disability status or special needs, insurance information and personal benefits information;

      3. University-related information that the University has not publicly published or released, including but not limited to budget, financial, negotiation, bidding, and other information;

      4. University research data, information, and findings that are protected by law, contract or policy;

      5. Information described as confidential under any other University policy, rule or directive; or

      6. Other information and records that the employee has been properly directed not to disclose. Confidential information does not include information publicly disclosed by the University or that is required to be disclosed pursuant to law or contract.

    2. Michigan Freedom of Information Act (FOIA): a Michigan law that provides citizens with access to public records of public bodies

    3. Family Educational Rights and Privacy Act (FERPA): a federal law that protects the privacy of student education records

    4. Health Information Portability and Accountability Act (HIPAA): a federal law that protects the privacy of individual health information

  4. Full Policy Details

    1. All University employees must hold any Confidential Information in trust and confidence, and not use or disclose it or any embodiment thereof, directly or indirectly, except as may be necessary in the performance of duties for the University or as otherwise required by law or contract.

    2. University employees may not remove Confidential Information from a University department/office, or duplicate Confidential Information, unless authorized by the University to do so. Upon termination of any assignment or as directed by a supervisor, employees shall return all such materials and copies thereof to their proper location in the department or office.  This includes Confidential Information in electronic format.

    3. Unless otherwise authorized, direct all external requests for Confidential Information to Western Michigan University's Freedom of Information Act Officer.

    4. The Policy does not prevent or prohibit the internal use of Confidential Information for the legitimate academic, administrative, and operational purposes and needs of the University as authorized by the University. This Policy does not prevent or prohibit employees from disclosing in good faith violation(s) of law, contract, or policy, either within the University or to the appropriate external body or authority.

    5. The University will not take adverse employment action against any employee who discloses violation(s) of law, contract, or policy, either within the University or to the appropriate external body or authority.

    6. Implementation

      Employees should contact their supervisor regarding authorized disclosure or use under this Policy prior to disclosure or use.

    7. Communication

      This Policy will be posted on the University’s Policies website.

    8. Exceptions

      Certain confidential information may be disclosed to third parties pursuant to a government request or court order.  Employees should contact the Office of the General Counsel if they receive such requests prior to responding.

  5. Accountability

    Failure to follow this Policy and any associated procedures may subject WMU employees to disciplinary action, up to and including dismissal from employment by the University, consistent with applicable procedures and Collective Bargaining Agreements.

    Additional consequences for non-compliance include loss of access to Confidential Information, which may result in the inability to perform the essential functions of a position.   There could be additional civil or criminal causes of action for violating FERPA, HIPAA, or other confidentiality laws.

  6. Related Procedures and Guidelines

    N/A

  7. Additional Information

    The University’s FOIA officer and HIPAA Privacy Officer are located in the Office of the General Counsel. You may find additional information on their website at https://wmich.edu/legal/foia.

    Contact information for Non-Disclosure Agreements can be found at https://wmich.edu/research/contracts

  8. FAQs

    Is confidential information related to intellectual property and research covered by this Policy?

    No.  If the confidential information is related to intellectual property or research, contact the Office of Research and Innovation as a Non-Disclosure Agreement may be required for discussions with third parties.

References
History
Effective date of current version April 1, 2021
Proposed date of next review April 1, 2024
Authorization
Certified by

Responsible Enforcement Official

Warren Hills
Chief Human Resources Officer

At the direction of

Jan Van Der Kley
Vice President, Office of Business and Finance