This document is a working draft. Readers are cautioned not to use this document as an authoritative reference.

Information Security Program

Appendix E – Summary of End User Responsibilities

DRAFT

All individuals should review the following "Summary of Responsibilities" document before obtaining access to confidential information contained within the University's computer systems, networks and physical facilities.


Office Heads and Chairs should ensure that each of their staff members who have access to confidential information has reviewed the document and understands his or her responsibilities as they relate to the handling of confidential information.


The University maintains information that is sensitive and valuable, and is often protected by Federal and State laws that prohibit its unauthorized use or disclosure. This includes, but is not limited to:


  • Personal information about faculty, staff, students, parents, alumni or donors (e.g., social security numbers, dates and places of birth, mother's maiden names, student records, employment records, disciplinary actions, credit card numbers, financial data, medical records, etc.)
  • University business information (e.g., financial reports, internal reports and memos, contracts, strategic reports, surveys, etc.)
  • Information about or provided by third parties (e.g., information covered by non-disclosure agreements, contracts, business plans, non-public financial data, computer programs, etc.)

The exposure of such information to unauthorized individuals could cause irreparable harm to the University or members of the University community. Thus, you are expected to diligently protect it:


  • Only access the information needed to perform your legitimate duties as a University employee and only after being authorized by the appropriate Information Guardian.
  • Do not in any way divulge, copy, release, sell, loan, review, alter or destroy any information except as properly authorized within the scope of your professional activities.
  • Take appropriate measures to protect confidential information wherever it is located, e.g., held on physical documents, stored on computer media, communicated over voice or data networks, exchanged in conversation, etc.
  • Safeguard any physical key, ID card or computer/network account that allows you to access confidential information. This includes creating difficult-to-guess computer passwords.
  • Destroy or render unusable confidential information held on any physical document (e.g., memos, reports, microfilm, microfiche) or computer storage medium (e.g., diskette, CD, magnetic tape, hard disk) that is being discarded.
  • Report any activities that you suspect may compromise confidential information to your immediate supervisor or to the CITO.
  • Your obligation to protect confidential information does not cease after you leave the University.