How Do I Protect Confidential Information
The protection of confidential information in any of its forms, whether it be electronic, printed and even memorized information, is paramount to insuring continued business functions. In addition, the University is required to comply with Federal and State Laws to insure that UTEP is not misrepresented by the disclosure of personal information or found negligent in its duty to protect personal information of its students, faculty and staff.
What Are Some Examples of Confidential Information?
- Social Security Numbers
- UTEP ID Numbers (80/88)
- UTEP EID Number (60)
- Date of Birth
- Financial information
- Credit Card Numbers
- Medical Records
- Ethnicity
- Religious affiliations
- Sexual orientation
- Political party affiliations
Note: Care should be exercised when working with data containing both a person's first and last name, together with one or more of the following: Social Security Number, UTEP ID Number (80/88), driver's license number, student grades, identification numbers, or account numbers, credit or debit card numbers, or other banking information in combination with any required security code, access code, or password that would permit access to an individual's financial account.
How Do I Comply?
- Grades may not be publicly posted with all or any portion of the SSN or 80/88 Number.
- Records and media (disks, tapes, hard drives, etc.) containing confidential information must be discarded in a way that protects the confidentiality of the information. For example, paper records should be shredded and hard drives should be formatted in accordance to policy.
- All new systems must comply with the standards contained in Section 10.5.4 of UTS165 (SSNs may not be the primary key to a database and SSNs should not be displayed).
- Before acquiring or developing new systems, contact the Information Security Office for assistance in meeting compliance requirements.
- Limit access to records containing SSNs to those employees who need access for the performance of their job duties.
- Records with confidential information should not be stored on computers or other electronic devices that are not secured against unauthorized access (Please refer to the Security Policies for more information).
- Confidential information should be shared only with authorized third parties. A written Confidentiality agreement should be used that requires the third party to use adequate safeguards to protect records containing SSNs.
- Confidential Information is not to be displayed on documents, computer screens, PDAs, etc., that can be seen by the general public (e.g., time cards, rosters, etc.) unless required by law.
- Mailed materials containing confidential information should be designed so that information does not show in the envelope window.
- Confidential Information is not to be sent over the Internet or via Email unless encrypted, password-protected, or otherwise secured.
How To Encrypt Microsoft 2003/2007 Word and Microsoft Excel Files
How to Encrypt Microsoft 2013 Word and Excel Files
How to Encrypt Microsoft 2016 Word and Excel Files
How To Encrypt ZIP Files Using WinZip 11
How to Encrypt ZIP Files Using 7-Zip
- Paper documents containing confidential information should be locked or secured from unauthorized access.
- Each employee must promptly report inappropriate or suspected disclosures or use of confidential information to his or her supervisor; who, in turn, is to report such disclosures to UTEP’s Information Security Office.
- Each employee must comply with the Rules of Conduct that implements UTS165. Failure to do so may result in disciplinary action, including discharge or dismissal.
Please contact the Information Security Office if you have any questions or refer to the following documents for more information: