|
At Temple University, we have always taken very
seriously
our obligation to safeguard the personal
information of
students, faculty, and staff. I am issuing this
memo to
remind faculty and administrators to exercise
good judgment
when processing, storing, or disposing of
materials that
contain confidential information.
The proper disposal of printed computer
reports,
correspondence, and forms that contain private
information
is of particular concern to me. Confidential
information must not be discarded in standard trash containers that
are open, unsecured, or in public view. Disposal in such a manner is in
direct violation of University policy
and may be a violation of Federal law. All
printed
materials containing confidential information
must be burned
or shredded prior to disposal.
Paper documents that contain personal
information such as
social security numbers, grades, health-related
information,
or financial information must be stored in
appropriate
containers and properly secured from view by
unauthorized
persons.
Computer data that contains sensitive
information must be
properly protected through judicious account
and password
management, by applying the latest security
patches to the
PC operating system, and by following the
Temple
University Computer Usage Policy.
Recent federal legislation has raised the
awareness of
the issue of privacy. The Gramm-Leach-Bliley
Act (GLBA)
is a Federal statute that mandates that
financial
institutions take measures to keep confidential
the private
information of its customers. The University
falls within
the jurisdiction of GLBA because of its
activities related
to the processing of student loans.
Because the University delivers a variety of
health-related services, we are also subject to the
Health
Insurance Portability and Accountability
Act (HIPAA).
This act provides similar protection for
personal health-related information.
In addition to these recent laws, the
Family Educational Rights and Privacy Act of 1974 (FERPA)
requires the
University to "...keep as confidential,
records about
students that contain personally identifiable
information."
Temple's policy regarding the privacy of
student information
is contained in the
Policy
Regarding Confidentiality of Student Records.
It is the responsibility of all
administrators, faculty,
and staff to abide by these laws and policies.
Violators may
be sanctioned by the University and may also
expose
themselves and the University to civil and
criminal
penalties.
If you have any questions regarding this
issue, please
call Ariel Silverstone, Temple University's
Chief
Information Security Officer, at 215
204-7077. |
