Data Handling Requirements
University Personnel* who maintain any information that is protected under applicable federal or state law or regulations, including, but not limited to, FERPA, HIPAA, PCI, or GLBA, or under terms of a University contract (“Confidential Information”) are required to protect that information by ensuring the information is stored only on secure devices or servers or in secure storage. Legal actions and fines may result from violations of contracts or federal or state law or regulations, including but not limited to, HIPAA, FERPA, PCI and GLBA.
University Personnel must set strong passwords, as defined in the University’s Password and Account Policy (pdf), and must encrypt emails that contain Confidential Information. Before storing any Confidential Information on a portable device, desktop computer, or other electronic device, University Personnel must encrypt the device or equipment or contact 405-325-HELP to have the device or equipment encrypted. The device or equipment must also be registered with IT Security. Instructions for encrypting your devices and emails and registering devices with IT Security can be found below.
* University Personnel: Faculty, staff, volunteers, students and trainees, and other persons whose conduct, in the performance of work for the University, is under the direct control of the University, whether or not they are paid by the University (also referred to as “Workforce Members”). 45 C.F.R. § 160.103