Skip to main content
This document is a working draft. Readers are cautioned not to use this document as an authoritative reference.

Information Security Program

Summary of Personal Responsibilities

Summary of Personal Responsibilities


While much of this document focuses on legal obligations and the process of determining and communicating the sensitivity of information owned by or entrusted to the University, it also contains a number of reccomendations to which anyone who handles such information should adhere.

In summary:

  • You are responsible for your use or misuse of confidential information.
  • Do not in any way divulge, copy, release, sell, loan, review, alter or destroy any information except as properly authorized within the scope of your professional activities.
  • Take appropriate measures to protect confidential information wherever it is located, e.g., held on physical documents, stored on computer media, communicated over voice or data networks, exchanged in conversation, etc.
  • Safeguard any physical key, ID card or computer/network account that allows you to access confidential information. This includes creating computer passwords that are difficult to guess.
  • Render unusable confidential information held on any physical document or computer storage medium (e.g., diskette, CD, magnetic tape, hard disk) that is being discarded.
  • Report any activities that you suspect may compromise confidential information to your immediate supervisor or to the University CITO.