While much of this document focuses on legal obligations and the process of determining and communicating the sensitivity of information owned by or entrusted to the University, it also contains a number of reccomendations to which anyone who handles such information should adhere.
- You are responsible for your use or misuse of confidential information.
- Do not in any way divulge, copy, release, sell, loan, review, alter or destroy any information except as properly authorized within the scope of your professional activities.
- Take appropriate measures to protect confidential information wherever it is located, e.g., held on physical documents, stored on computer media, communicated over voice or data networks, exchanged in conversation, etc.
- Safeguard any physical key, ID card or computer/network account that allows you to access confidential information. This includes creating computer passwords that are difficult to guess.
- Render unusable confidential information held on any physical document or computer storage medium (e.g., diskette, CD, magnetic tape, hard disk) that is being discarded.
- Report any activities that you suspect may compromise confidential information to your immediate supervisor or to the University CITO.