Confidentiality Guidelines for ITS and Library Employees

In the course of work for Baylor University, ITS/ Library employees may have access to personal information involving employee, student, and/or other university constituent/patron records (e.g. contact information, social security number, employment information, financial aid awards, grades, gift/pledge amounts, materials access records, and/or other personal data,) as well as other data that is sensitive and confidential. Employees may also have access to third-party software and other licensed products or processes. This information may be on paper, contained in software, visible on screen displays, in computer readable form, or otherwise.

All such information should be treated as highly confidential and should not be

  1. used or modified in any fashion except in the course of assigned work for the university, unless authorized to do so;

  2. copied except as necessary for such permitted use; and/or

  3. published or disclosed or made available, except for limited disclosure and access by other university employees who need to know for permitted use or as otherwise authorized by the university.

Upon the termination of employment, or earlier as instructed by the university, employees should return to the university all copies (original and duplicate, in whatever form) of all materials containing confidential information.

Division employees are responsible for reading, understanding, and complying with the ITS Information Use Policy and its associated policies. Employees who supervise student workers are responsible for having those workers sign the student worker nondisclosure agreement and submitting the signed form to the Moody Library administrative office or the ITS administrative office.

The following best practices should be followed to help maintain the security, confidentiality and integrity of information:

  • Lock rooms and vehicles containing computers and computer media.

  • Immediately report any lost or stolen computers or media containing university data resources to one’s supervisor.

  • Use password-activated screensavers.

  • Use strong passwords. (

  • Do not post passwords near assigned personal computer and do not share passwords with others.

  • Do not access information outside the scope of assigned duties;

  • Refer calls or other requests for university information to designated individuals or departments.

  • Immediately report any system breach or fraudulent attempt to obtain university information to one’s supervisor.

  • Install PGP encryption any division laptop/notebook/tablet computer assigned to an individual.

Reviewed February 24, 2014