University Resources, Operations and Policies

Schools/Departments:

  • Office of Information Technology
  • Categories:

  • Technology
  •  

    Protected Information Handling Policy


    Policy Statement

    This policy describes a set of requirements that apply to all persons who use information that has been designated as protected information.


    Reason for Policy

    The primary purpose of this policy is to ensure that the necessary policy and awareness exist so that University employees and students comply with all applicable laws and regulations. This document establishes minimum requirements for the proper handling and protection of Adelphi Protected Information.


    Who Is Governed by this Policy

    This policy applies to all Adelphi University employees, students, contractors, consultants, temporaries, and other workers including all personnel affiliated with third parties utilizing information that is owned by Adelphi University and has been designated as protected information.


    Policy

    1. In consultation with the Information Security Officer, the Information Owner must define requirements for protection, disclosure of, and/or access to protected information.
    2. All information categorized as Regulated, Protected, Critical, or Controlled is considered Protected Information.
    3. Protected Information may only be created, collected, stored, transmitted and/or processed if a need to do so exists, and if that need cannot be satisfied in any other way.
    4. Protected Information must be securely destroyed when it is no longer needed.
    5. Protected Information must be handled with due care.
    6. When loss of unauthorized disclosure of protected information has been detected, or if it is suspected to have taken place, the Information Security Officer must be notified and an information security incident may be declared.

    Guidance

    Using due care to handle protected information includes the requirement to appropriately restrict access to the protected information by placing it on a network server that has restrictive access controls in place, password protecting it, or encrypting it using a strong encryption algorithm. Due care also requires that protected records in non-electronic format are stored in restricted locked areas, such as closed and non-accessible offices, locked desk drawers, or locked filing cabinets. In addition, transmission of protected documents to personal addresses or any other non-approved destinations is not allowed. Limit the amount of copies made of sensitive data, and do not copy sensitive files to unencrypted portable media.

    Enforcement

    Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.


    Definitions

    Information Owner: A person or role who has the authority to make informed decisions about certain classes of information.


    Forms

    This policy does not have forms associated with it at this time. Upon periodic policy review this area will be evaluated to determine if additional information is needed to supplement the policy.


    Related Information

    This policy does not have related information at this time. Upon periodic policy review this area will be evaluated to determine if additional information is needed to supplement the policy.


    Contacts

    Chief Information Officer
    Office of Information Technology
    p – 516.877.3340                                                                    

    Dr. Kees Leune
    p – 516.877.8178
    e – leune@adelphi.edu


    Document History

    • Last Reviewed Date: Fall 2017
    • Last Revised Date: Fall 2017
    • Policy Origination Date: June 18, 2009               

    Who Approved This Policy

    Office of Information Technology

     

    Schools/Departments:

  • Office of Information Technology
  • Categories:

  • Technology
  •  
     
     
    Apply Now
    Request Information