Sensitive information is defined as information that is protected against unwarranted disclosure. Access to sensitive information should be safeguarded. Protection of sensitive information may be required for legal or ethical reasons, for issues pertaining to personal privacy, or for proprietary considerations.
Sensitive Information includes all data, in its original and duplicate form, which contains:
- Personal Information, as defined by the North Carolina Identity Theft Protection Act of 2005
- Protected Health Information, as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Student education records, as defined by the Family Educational Rights and Privacy Act (FERPA)
- Customer record information, as defined by the Gramm Leach Bliley Act (GLBA)
- Card holder data, as defined by the Payment Card Industry (PCI) information Security Standard
- Confidential personal data, as defined by the State Personnel Act
- Information that is deemed to be confidential in accordance with the North Carolina Public Records Act
Sensitive information also includes any information that is protected by University policy from unauthorized access. This information must be restricted to those with a legitimate business need for access. Examples of sensitive information may include, but are not limited to, some types of research data (such as research data that is personally identifiable or proprietary), public safety information, financial donor information, information concerning select agents, system access passwords, information security records, and information file encryption keys.
If further clarification is required, please contact the Information Security Office at firstname.lastname@example.org or 445-9393 and we will facilitate any necessary clarification in collaboration with the office of University Counsel.