Handling Confidential Data

Statement and Purpose



Seattle Pacific University is dedicated to ensuring the privacy and proper handling of private and restricted information of students, employees, and individuals associated with the University. The primary purpose of this policy is to increase awareness of the proper handling of sensitive information, and to ensure that University employees and students know and comply with all applicable laws and regulations. This policy establishes minimum requirements for the proper handling and protection of confidential data.

Seattle Pacific has classified its information assets into risk-based categories for the purpose of determining who is allowed to access the information and what security precautions must be taken to protect it against unauthorized access. All departments are responsible for limiting access to confidential data to only those individuals with a business need for the information in order to do their jobs. For definitions and examples, see Data Classification Levels.

Data classified as restricted will not be stored by the University or any of its employees in any fashion without explicit approval from the CIO.



Entities Affected By This Policy

All University faculty, staff and affiliates with access to confidential or restricted institutional data.

Reason for Policy

To protect individuals whose data is stewarded by the University, and to comply with Federal, State and Local statutes pertaining to the storage, use and transmission of sensitive data entrusted to the University and its systems.



Policy Version: 1.0

Responsible Office: Computer and Information Systems
Responsible Executive: AVP for Information Technology / CIO

Effective Date: July 1, 2019
Last Updated: July 1, 2019


Storage, Transmission, and Back-up of Confidential Data


Storage

Confidential data must be stored with great care in compliance with University and regulatory requirements.

  • Confidential data in electronic format must be stored on a computer or server centrally managed by Computing and Information Services (CIS) or in an environment that is under strict legal contracts with the University that meet this policy. Data may not be stored on a non-CIS managed computer, portable storage device, or cloud storage.
    • Computers, servers, and other data systems must run current operating systems and software under vendor support for regular security patches
    • Any exception to this must be reviewed by CIS management to ensure compliance with confidential data storage regulations
  • Confidential data in any hard copy format must be stored in locked cabinets or offices, and must not be accessible to unauthorized persons

Transmission

  • Only encrypted networks or communications tools may be used in the digital transmission of confidential data
  • Confidential data may not be transmitted via email without the use of a specialized email encryption tool

Backup


Related Policies and Procedures