This policy covers the access, manipulation, duplication, storage and use of confidential La Salle University data stored or maintained on any systems, storage devices or media (including printed documents). For the purposes of this policy it is recognized that the University, through its various administrative and academic departments, is entrusted with certain confidential data requiring protection. The spirit and intent of this policy is to safeguard the integrity and prevent inappropriate use or unauthorized access to confidential data as defined below.
Definitions
The following terms are used throughout this document and are defined as follows. Confidential Data. Any data that meets any one or more of the following criteria:
Data which, if compromised, could impact the safety, privacy, welfare, financial health, or reputation of La Salle University, its employees, faculty, students, alumni or affiliates.
Data which is protected or restricted by local, state or federal law or contractual agreements or data where such laws or agreements require the University to limit access or implement other controls to maintain privacy or security.
Data where individuals have exercised legally- or contractually-mandated disclosure opt-out provisions.
Data which is prohibited from disclosure by University practice or policy. Examples include, but are not limited to, aggregated or individual: passwords, social security numbers, credit card numbers, student grades and disciplinary records, personal or enterprise financial records, private contact information, medical records, birth dates, and personal employment and payroll records.
Examples of data which may be restricted by individual opt-out decisions include FERPA student directory data. Note that the possibility of students exercising their FERPA opt-out rights means that not just the data elements but also the specific records included in a data set must be considered to determine whether a data set must be considered confidential.