Sensitive data is defined as information that is protected against unwarranted disclosure. Access to sensitive data should be safeguarded. Protection of sensitive data may be required for legal or ethical reasons, for issues pertaining to personal privacy, or for proprietary considerations.
What is Sensitive Data?
Sensitive Information includes all data, in its original and duplicate form, which contains:
- Personal Information, as defined by the North Carolina Identity Theft Protection Act of 2005
- Protected Health Information, as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Student education records, as defined by the Family Educational Rights and Privacy Act (FERPA)
- Customer record information, as defined by the Gramm-Leach-Bliley Act (GLBA)
- Card holder data, as defined by the Payment Card Industry (PCI) Data Security Standard
- Confidential personnel information, as defined by the State Personnel Act
- Information that is deemed to be confidential in accordance with the North Carolina Public Records Act
Securing Sensitive Data
Click Learn More to find a checklist that can be used as a guide for securing computer systems containing sensitive data. If you suspect a compromise has occurred, please contact ITS Help immediately at 962-HELP and ask for a Remedy ticket to be created that informs ITS Security about the suspected compromise. To minimize the compromise, disconnect your computer from the network by physically unplugging the network cable, disabling the wireless connection, or both.
Sensitive Data & Cloud Storage
The Information Security Office (ISO) guidelines and University policy for the storage of sensitive data designate the use of Microsoft Office 365 (O365) for approved cloud storage. User guidelines on how to leverage these resources for both sharing and storage of institutional data are available in the help document:
The guidance from the ISO is that, when sensitive information is stored with third-party cloud storage providers, other storage providers, or Software as a Service (SAAS) providers, contractual provisions must be in place that protect the security and privacy of University-owned data.
Examples of third-party cloud storage providers, other storage providers, or SAAS providers include Dropbox, iCloud, Google Docs, and Amazon Simple Storage Service (Amazon S3), among others. Please note that the foregoing list is not meant to be exhaustive.