Data Confidentiality Policy

Policy Name: Data Confidentiality Policy
Policy Number: 03-05-013
Version Effective Date: June 1, 2011
Last Reviewed on: January 1, 2019
Policy Applies To: University wide
Responsible Office: Information Technology

INTRODUCTION AND STATEMENT OF PURPOSE

POLICY
As an employee, contractor, or authorized guest working in Department of Information Technology at The New Jersey City University, you will have access to various types of restricted use and confidential information in the course of your work. This includes student grade records, social security numbers, login IDs and passwords, system configurations, payroll and personnel records, financial aid, self-restricted personal information, medical or research data, and intellectual property information. Pursuant to local, state, and federal legislation (specifically FERPA), to accept employment or an engagement in an IT role is to accept responsibility to preserve the confidentiality of information in your stewardship role.

Many IT support roles require high-level access authority to systems and services where confidential data is stored or through which it flows. Standard data access authorization forms are not typically obtained from IT personnel in support roles, therefore, this document is required in lieu of these authorization forms. Unauthorized access, modification, manipulation, destruction, or disclosure of confidential information is in violation of university policy and guidelines and could be cause for University sanctions in addition to possible legal action. In addition, all persons with access to confidential information should take reasonable steps to secure access to and any copies. Questions regarding data confidentiality should be directed to the Department of Human Resources.

________________________________________________________________________________

Employee/Contractor/Work-Study Student Agreement:

I have read and understand the above statements regarding the confidentiality of data I may have access to in the course of my employment or contractual relationship in an IT role at The New Jersey City University . I have discussed any questions I have about these statements with my supervisor. I understand the special nature of IT roles, the importance of confidentiality in these roles, and agree to adhere to policy regarding preservation of the confidentiality and integrity of institutional data.

Signed: ____________________________________________

Print Name: ___________________________________

Date: _______________________

This document is to be filed in the departmental personnel file of the employee who has signed above or in the contract agreement file for the company employing the individual who has signed above.

DATE TO INITIATE REVIEW AND UPDATE
As deemed necessary or appropriate by the Policy Coordinator but at a minimum, at least every 5 years from the date of last review.