Information Security

Protecting University Data

Nazareth University keeps important personal information about students, applicants, employees, alumni and others connected to the University. Next to people, information is our most important asset and is critical to many of our operations. Because of this, it is very important to protect information in whatever form it is held.

All Nazareth University students, faculty, and staff (including contractors and vendors with access to Nazareth University systems) are responsible to ensure that data, whether held electronically or manually, is kept securely.

How to Keep Data Safe

You are responsible for protecting data that is stored on computers that you use (including desktops, laptops and mobile devices) against unauthorized access and inappropriate use. Follow these important standards:

  • Only access that information which you have the right to use in the course of your duties. Your ability to access other information does not imply any right to view, change, or share information.
  • Do not share data with anyone outside the University without proper approval.
  • Do not provide access to data through unauthorized methods. See “Protecting Your Password.”
  • Adhere to procedures and business rules that govern data usage. See "Nazareth’s Data Integrity Standards and the Procedures" established for your administrative functional area.
  • Make regular backups of your files.
  • Always password-protect your laptop, iPad, cell phone and other mobile devices.
  • Know what data is Confidential and how you must secure it. See “Protecting Confidential Information

Different Types of Data

Confidential

Information that, if exposed, can cause harm or information that is protected by law. Extra care must be taken to protect this information in both electronic and paper forms. See "Protecting Confidential Information"

Restricted

Information that, if disclosed, could place the person or University at risk of criminal or civil liability, or to be damaging to financial standing, employability, reputation or other interests.

Enterprise

Information that the University keeps about applicants, students, employees, alumni, donors, and others connected to the University.

student on laptop

Data Security: Best Practices

1. Data Handling
  • Do not discard lists with confidential information into the trash—shred them.
  • Do not permanently store 16-digit credit card information anywhere. Shred paper records.
    If you need to send data to an agency, ITS can help with encrypting the transmission. 
  • Do not send confidential information in plain text e-mails, or as un-encrypted attachments. It is not safe. ITS can help.
2. Data Storage and Sharing
  • No confidential information should be permanently stored on your desktop, laptop or removable device, unless you have obtained permission and the file is encrypted and password protected.
  • Do not transmit confidential information to outside parties, unless you have obtained permission and are using a secured method of transmission.
3. Working at Your Desk

Stepping away from your desk for a few minutes?

  • Turn off your monitor.
  • Lock your computer or log off.
  • Turn papers with information face down on your desk.
  • General Workstation Safe Practices
  • Lock your desk when you are not there.
  • Keep folders with confidential information in locked file cabinets.
  • Do not leave reports in the printer.
4. Credit cards, cash, and checks
  • Think about confidential information as if it were cash.
  • Do not leave checks out in the open.
  • Do not leave credit card transaction information on your desk – put away immediately.
5. Passwords
  • NO ONE should know your password. Treat it as you would your house key.
  • Passwords should be changed every 90 days 
  • Passwords should not be transmitted over the internet by email or any form of communication, unless they are encrypted. 
  • Passwords should be at least 8 characters long, with a combination of upper and lower case alpha, numeric and special characters. Do not use dictionary words. 
  • Passwords should never be written down. 
6. Learn which of your data is confidential

Sensitive and Personal Data
•   Social Security Numbers* 
•   Date of Birth 
•   Bank Account* 
•   Credit card number* 
•   Debit card number + access code* 
•   Driver’s license or non-driver ID* 
•   Wage information 
•   Giving / donation information 
•   Academic Information 
•   Employee phone number 

* Defined by New York State Breach Law