Information Use Policy

Information Use Policy

Baylor University collects, stores and uses data and information via information technology systems. With respect to this data and information, Baylor and its employees will:

  1. employ reasonable and appropriate security technology and practices to safeguard the information stored in University technology systems;
  2. use the information stored and collected in the University's technology systems for the purposes of the University;
  3. not release confidential information to the public or to non-related third parties unless required by law or other legal proceedings or with permission from the affected party(ies).

Employees shall not access, acquire, use, copy, or transfer confidential information except to the extent reasonably necessary to fulfill their employment duties.

Topic Listing
Definitions
Handling of Confidential Information
Directory Information
Social Security Numbers Guiding Philosophy
UIN/Social Security Number Usage

Related Polices, Legislation and other information
Technology Systems Use Policy (BUPP-025)
Directory Information Policy (BUPP-026)
Employee Personal Information (BUPP–027)
Handling of Confidential Information (BUPP–029)
Student Policies & Procedures
Network Usage Policy
Password Policy
Server Security Policy
Incident Response Policy
Information Use Guideline
Departments Authorized to Release Information

Contact – ITS Department

Sanction – Sanctions may include but are not limited to suspension of technology privileges, termination of employment, referral to Student Judicial Services, and/or criminal prosecution. For additional information, please reference Technology Systems Usage Policy BU-PP 025.

Persons who exceed their authority in using confidential information or who gain access to such information through unauthorized means, including the use of University computing facilities, should realize that their conduct is in violation of University policy and will be dealt with accordingly. Such conduct may also be in violation of state and federal law and may subject such persons to penalties of fines or imprisonment or both.

Date created/ updated – August 2007

Definition of University Data and Information
For the purposes of this policy, University data and information includes directory information (as defined in BUPP-026 and the Student Policies and Procedures) and non-directory information. Non-directory information would include most non-public information stored in the various student, alumni, financial, human resources, and ancillary systems operated by the University. This policy is not intended to establish ownership rights for materials or intellectual property produced by students, faculty, staff or others that utilize the University's systems.

Definition of Information Technology System
Information technology systems are defined as Baylor University owned systems that transmit or store university data. These may include but are not limited to computers, computer accounts, printers, networks, network devices, dial-in systems, software, electronic mail, web home pages, video systems, telephones, and telephone long distance and voice mail accounts.

Definition of Confidential Information
Confidential information is defined as non-directory information pertaining to students, alumni, employee records, university financial records, and trade secrets and any other information maintained in a confidential manner according to university policy or practice. Such confidential information may include, for example, academic records, compensation and other financial information.

Handling of Confidential Information
During the course of their employment, employees may encounter confidential information, particularly through the use of University computing facilities. Employees shall not access, acquire, use, copy, or transfer confidential information except to the extent necessary to fulfill their employment duties. All other individuals who are authorized to access or use confidential information of the University, may only access, acquire, use, copy or transfer such confidential information in a manner specified by and consistent with the University's authorization.

Access to and disclosure of student educational records are governed by regulations promulgated under the Family Educational Rights and Privacy Act (34 C.F.R. 99.1 et seq.) and by BUPP-026. Generally, any information concerning the educational records of a student cannot be disclosed to any other party without the prior written consent of the student. Specific questions concerning under what conditions information about a student may be obtained or disclosed should be directed to the Academic Records division in the Office of the Registrar.

Access to and disclosure of student, employee, donor and financial records is governed by BU-PP 029 and BU-PP 027. After reviewing these policies, any questions concerning under what conditions information about an employee may be obtained or disclosed should be directed to the Personnel/Payroll Office.

Employees shall take all appropriate action to insure the protection, confidentiality and security of confidential information. The obligation of an employee to maintain the confidentiality and security of confidential information survives the termination of employment with the University.

Directory Information
Faculty/staff and student (current and former) directory information is made available through information technology systems. Various systems provide name, address, phone number, and email address.

BUPP-026 is the policy guiding all usage of directory information on campus. Utilization of all directory information is restricted to University business. This information will not be released to non-related 3rd parties. Requests from outside of the University for information about employees must be referred to the Personnel/Payroll Office. Requests from outside of the University for information about students must be referred to the Academic Records division of the Office of the Registrar.

Social Security Numbers Guiding Philosophy
With respect to Social Security numbers, the University is guided by the following objectives:

  1. Broad awareness of the confidential nature of the Social Security number;
  2. Reduced reliance upon the Social Security number for identification purposes;
  3. A consistent approach regarding the use of Social Security numbers throughout the University; and
  4. Increased confidence by students and employees that Social Security numbers are handled in a confidential manner.

UIN/Social Security Number Usage

  1. A University-wide Unique Identification Number (UIN) is assigned to all students, employees, and other associated individuals, such as contractors or consultants. The UIN will be considered a public piece of information. This UIN will be assigned at the earliest possible point of contact between the individual and the University. The UIN will be used in all future electronic and paper data systems to identify, track, and service individuals associated with the University. It will be permanently and uniquely associated with the individual to whom it is originally assigned.
    1. a. The UIN will be considered the property of Baylor University, and its use and governance shall be at the discretion of the University, within the parameters of the law;
    2. The UIN will be maintained and administered by Information Technology Services (ITS);
    3. The UIN will be a component of a system that provides a mechanism for both the public identification of individuals and a component of authentication.
  2. Grades and other pieces of personal information will not be publicly posted or displayed in a manner where either the UIN or Social Security number identifies the individual associated with the information.
  3. Paper and electronic documents containing Social Security numbers should be disposed of in a secure fashion.
  4. Except where the University is legally required to collect a Social Security number, individuals will not be required to provide their Social Security number, orally or in writing, at any point of service, nor will they be denied access to those services should they refuse to provide a Social Security number. However, individuals may volunteer their Social Security number if they wish as an alternate means of locating a record or authentication.
  5. The Social Security number may continue to be stored as an attribute associated with an individual. The Social Security number may be used as needed to identify individuals for whom a UIN is not known.
  6. This policy does not preclude, if a primary means of identification is unavailable, Baylor University employees from using the Social Security number as needed during the execution of their duties. The University is also permitted to continue to collect Social Security numbers in a manner consistent with state and federal law.
  7. The Chief Information Officer has the responsibility of overseeing Social Security number usage on campus. This administrator will control the Social Security number and his/her approval will be required to collect, use or store Social Security numbers in any existing or new electronic system.