Confidential information

Purpose

The purpose of this Policy is to provide University employees with a basic understanding of their responsibilities to protect and safeguard confidential or proprietary Institutional Data to which they have access as a result of their employment and to establish guidelines for the use and dissemination of such information.

Policy

Lynn University’s confidential and proprietary records and information relating to Lynn University or its students, vendors, business partners, donors and employees (hereinafter “Institutional Data”), must be treated accordingly. No Lynn University related confidential or proprietary Institutional Data, including without limitation, documents, notes, files, records, oral information, computer files or similar materials (except in the ordinary course of performing duties on behalf of Lynn University) may be removed from Lynn University’s premises without permission from Lynn University. Additionally, the contents of Lynn University’s confidential or proprietary Institutional Data records or information otherwise obtained in regard to business may not be disclosed to anyone, except where required for a business purpose or where the records or information have previously been disclosed to the public by the University. Employees must not disclose any confidential Institutional Data, purposefully or inadvertently (through casual conversation), to any unauthorized person inside or outside the University.

Examples of proprietary and confidential Institutional Data include, but are not limited to, any system, information or process that gives the University an opportunity to gain an advantage over its competitors; information about the University’s strategies, business plans, forecasts, operations, and results; information about students and vendors; information about the University’s systems, technology, products and services; and employee medical and other records.

You are responsible for safeguarding all proprietary and confidential Institutional Data under your control. This includes taking steps to ensure documents are produced, handled and discarded in a manner that minimizes the risk that unauthorized persons might obtain access to them. You should also ensure that access to work areas and computers is properly controlled. Also you may not discuss proprietary or confidential Institutional Data in public places.

Employees who are unsure about the confidential and proprietary nature of specific information must ask their supervisor for clarification. Employees will be subject to appropriate disciplinary action, up to and including termination, for knowingly or unknowingly revealing information of a confidential and proprietary nature.

This Policy is not intended, and should not be construed, to limit or prevent an employee from exercising rights allowed by law, rule, and/or regulations.

Definitions

Institutional Data—any information, including PII, and Student, Alumni, and Employee Financial Information that can be linked to any individual, including but not limited to, students, faculty, staff, patients, or contractors. Institutional Data and all applications storing and transmitting such data, regardless of the media on which they reside, are valuable assets, which the University has an obligation to manage, secure, and protect. In addition, Institutional Data includes proprietary records and information relating to Lynn University or its students, vendors, business partners, donors and employees.

Employee Financial Information—that information the University has obtained from an employee in the process of offering a benefit or service. Offering a benefit or service includes all University sponsored benefit plans and University financial services such as flexible spending accounts, and personal payroll services. Examples of employee financial information include bank and credit card account numbers, income and credit histories and social security numbers, in both paper and electronic format.

Student and Alumni Financial Information—that information the University has obtained from a student in the process of offering a financial product or service, or such information provided to the University by another financial institution. Offering a financial product or service includes offering student loans to students, receiving income tax information from a student's parent when offering a financial aid package, and other miscellaneous financial services as defined in 12 CFR § 225.28. Examples of student financial information include bank and credit card account numbers, income and credit histories and social security numbers, in both paper and electronic format.

Personally Identifiable Information (“PII”)—any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity that is not been designated as directory information, such as social security number, place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information relating to an identified or identifiable person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity.

Procedures/Guidelines

I. Information Security Procedures

Lynn University recognizes and protects the privacy and confidentiality of medical, personnel, and student records. Individuals who work in student, patient, faculty, and administrative offices often have access to information that is sensitive or confidential. This information includes but is not limited to, budgets, salaries, student records, personnel records, patient records, personal messages, grant proposals, and real estate.

These records must not be shared or discussed outside the University. Sensitive or confidential information may be shared only on the need-to-know basis and only as required in the course of performing your job, except as authorized by the affected employee or as required/allowed by law, rule, and regulation or a subpoena or order issued by a court or requested by a judicial, administrative or legislative body.

Requests for these records from anyone outside the University must be approved by both the Office of General Counsel and the coordinated by the Chief Information Officer.

You are responsible for ensuring that sensitive information is kept confidential. If you have any questions about the confidentiality of information to which you have access, ask your immediate supervisor, department head, or the office of Employee Services for clarification.

Any breach of confidentiality may result in disciplinary action, up to and including termination.

To learn more about this policy or the supporting procedures, please contact Employee Services.

Policy updated on: Oct. 24, 2018