its.unc.edu 1

Many types of Sensitive

Information are stored on

your computer. It is

important to protect it

from hackers who wish to

cause harm.

Sensitive Information Sensitive Information

its.unc.edu 2

Sensitive Information & Your UNC Job

Sensitive Information & Your UNC Job

Access Sensitive Information only

when

required to complete your job.

Keep your passwords secret!

Comply with the University

policies,

such as the Acceptable Use Policy.

Avoid storing Sensitive Information

on mobile and portable devices.Report promptly the loss or misuse of University information to the campus IT Help Desk at (919.962.HELP), your supervisor, or the ITS Information Security Office.

Section: Sensitive Information

its.unc.edu 3

Sensitive Information Examples

Sensitive Information Examples

Personal information• Social Security numbers

Protected health information• medical records

Student education records • grades or honor code

proceedings Customer information

• bank account information Card holder data

• credit card numbers Confidential personnel information

• disciplinary information Some research data

• data involving patents

It is every employee’s

responsibility to protect Sensitive Information and

keep it confidential.

Section: Sensitive Information

its.unc.edu 4

Regulations Related to Sensitive Information

Regulations Related to Sensitive Information

FERPA (Family Educational Rights and Privacy Act)

Covers educational records, including student grade information

HIPAA (Health Insurance Portability and Accountability Act)

Covers medical information, such as patient records

Sensitive Information is subject to a

number of state and federal

regulations, including:

Section: Sensitive Information

its.unc.edu 5

Regulations Related to Sensitive Information

Regulations Related to Sensitive Information

State Personnel Act

Covers information maintained in personnel files, which, with very limited exceptions, is considered confidential

State Identity Theft Prevention Act

Covers information, such as Social Security numbers or the name of a person in combination with a checking account number, often sought by criminals intending to commit identity theft.

Section: Sensitive Information

Sensitive Information is subject to a

number of state and federal

regulations, including:

its.unc.edu 6

Learning Point # 2Learning Point # 2A friend asks me to post his

resume on my Web site. The resume contains his full Social Security number.

Since he gave me his permission to post the resume, the Social Security number is not considered Sensitive Information. Right?

Wrong! In fact, Social Security numbers are

considered Sensitive Information under the North Carolina Identity

Theft Protection Act and should only be disclosed if absolutely necessary.

Social Security numbers should never be posted on Web sites.

Section: Sensitive Information

its.unc.edu 7

Learning Point #3Learning Point #3

My supervisor has asked me to shred some old files. As I am going through the files, I notice

grade information belonging to my neighbor’s son. I can peek at the file since my neighbor already has informed

me that her son is an Honors student. Right?

Wrong! In fact, student grades are considered Sensitive Information. Any Sensitive Information should only be accessed if there is a business need for such

access. Accessing Sensitive Information without a business need

is a violation of University policy.

Section: Sensitive Information