Secure Data Requirements

Confidential and Sensitive Data Protection Requirements Federal and state laws as well as university policies require employees, students, and affiliates to secure confidential and sensitive data. Such data must be secured in both electronic and paper format. This includes the transmission, use, and storage of data, and includes any printed material that includes confidential or sensitive data.

In order to adhere to the same data security standards as university data stewards, the following requirements are applicable to employees, students, and affiliates when handling confidential and sensitive data:

Do not put the name of a student, an employee, or an affiliate in the subject line when sending email.

Do not put the Banner ID in the subject line when sending email. Use only the last name and partial Banner ID number (XXX for 950) in email messages.

Never use full or partial SSNs when sending email. Do not reply to email containing personally identifiable information (PII) including name, birth date, SSN or Banner ID. Respond to the sender by creating a new email and referencing receipt of the person’s email. Tell the sender not to send you email containing personally identifiable information (PII).

Delete email containing personally identifiable information (PII) from your Inbox and Trash folders.

Do not email spreadsheets or other documents with confidential and sensitive data. Use data repository services that are available through ITS. These services include WebFocus, Microsoft’s OneDrive, Secure File Transfer, AggieConnect, and shared drives.

An additional platform will be announced in the near future.

For questions, email Information Security Services at itsecure@ncat.edu.