Sensitive Information

1. An ITS Security Training Module Version Oct 2009 v3 CLICK “FULL” TO VIEW SLIDE IN FULL SCREEN.

2. Many types of Sensitive Information are stored on your computer. It is important to protect it from hackers who wish to cause harm. Sensitive Information

3. Sensitive Information & Your UNC Job Section: Sensitive Information Access Sensitive Information only when required to complete your job. Keep your passwords secret! Comply with the University policies, such as the Acceptable Use Policy. Avoid storing Sensitive Information on mobile and portable devices. Report promptly the loss or misuse of University information to the campus IT Help Desk at (919.962.HELP), your supervisor, or the ITS Information Security Office.

4. Sensitive Information Examples Section: Sensitive Information Personal information Social Security numbers Protected health information medical records Student education records grades or honor code proceedings Customer information bank account information Card holder data credit card numbers Confidential personnel information disciplinary information Some research data data involving patents It is every employee’s responsibility to protect Sensitive Information and keep it confidential.

5. Regulations Related to Sensitive Information Section: Sensitive Information Sensitive Information is subject to a number of state and federal regulations, including: FERPA (Family Educational Rights and Privacy Act) Covers educational records, including student grade information HIPAA(Health Insurance Portability and Accountability Act) Covers medical information, such as patient records

6. Regulations Related to Sensitive Information Section: Sensitive Information Sensitive Information is subject to a number of state and federal regulations, including: State Personnel Act Covers information maintained in personnel files, which, with very limited exceptions, is considered confidential State Identity Theft Prevention Act Covers information, such as Social Security numbers or the name of a person in combination with a checking account number, often sought by criminals intending to commit identity theft.

7. Learning Point # 2 A friend asks me to post hisresume on my Web site. The resume contains his full Social Security number. Since he gave me his permission to post the resume, the Social Security number is not considered Sensitive Information. Right? Section: Sensitive Information Wrong! In fact, Social Security numbers are considered Sensitive Information under the North Carolina Identity Theft Protection Act and should only be disclosed if absolutely necessary. Social Security numbers should never be posted on Web sites.

8. Learning Point #3 Section: Sensitive Information My supervisor has asked me to shred some old files. As I am going through the files, I notice grade information belonging to my neighbor’s son. I can peek at the file since my neighbor already has informed me that her son is an Honors student. Right? Wrong! In fact, student grades are considered Sensitive Information. Any Sensitive Information should only be accessed if there is a business need for such access. Accessing Sensitive Information without a business need is a violation of University policy.