IT Resources Information
1. Purpose
Brigham Young University–Hawaii (BYU–Hawaii) collects, retains, and makes substantial use of personal and confidential information in achieving its mission. In the wrong hands, such information can be abused and used for improper and illegal activities such as identity theft. This policy is intended to promote the privacy of sensitive information which is accessible through the use of BYU–Hawaii information technology (IT) resources.
SCOPE
This policy applies to sensitive information collected, maintained, and/or made available through the use of BYU–Hawaii IT Resources. BYU–Hawaii recognizes and respects the need for privacy of sensitive information. Maintaining the security of sensitive information is one of BYU–Hawaii’s most important responsibilities. Information resource stewards (data stewards) or their authorized representatives are held accountable for adhering to strict standards to prevent the misuse and abuse of sensitive information. Sensitive information is safeguarded in the following ways:
- Employee access to sensitive information is restricted to individuals on a “need to know” basis for the sole purpose of conducting the business of the university.
- BYU–Hawaii emphasizes the importance of confidentiality and privacy through a combination of training, operating procedures, and systematically enforced information technology security.
- BYU–Hawaii strictly adheres to FERPA, HIPAA, GLB, and other relevant federal and state laws to protect the security of sensitive information.
- BYU–Hawaii continually tests and updates information technology resources to improve the protection of sensitive information residing on university systems.
- Users will comply with IT Resources Acceptable User Policy.
DISCLOSURE
At times, BYU–Hawaii is legally required to disclose sensitive information such as in response to a subpoena or to comply with legal permitted inquiry by government agencies or regulatory bodies. BYU–Hawaii may also exchange some sensitive information with third party entities in order to carry out normal university business transactions. Legal requirements concerning use and disclosure of sensitive information will be applied to information maintained with IT Resources to the same extent that the requirements are applied to records in other forms.
2. Policy
FERPA – Family Educational Rights and Privacy Act sometimes referred to as the Buckley Amendment, a federal law that gives students certain rights concerning their educational records kept by BYU–Hawaii.
Gram-Leach-Bliley Act (GLBA) – A federal law that applies to BYU–Hawaii when it is involved in awarding certain student loans
HIPAA – Health Insurance Portability and Accountability Act of 1996, a federal law that establishes regulations for the use and disclosure of protected health information.
Information technology resources or IT Resources – IT Resources including, but not limited to, computerized information, computing facilities, systems and devices, network systems, resources and devices, software, e-mail systems, and web pages.
Information resource steward (data steward) – The administrator or academic officer of a BYU–Hawaii unit, department, or school who, as determined by the applicable vice president, is responsible for management and oversight of the BYU–Hawaii data and affiliated IT resources located in, or used by personnel of, that unit, department, or school.
Sensitive information – Personal, medical, confidential and otherwise legally protected information which is collected, maintained, stored, or available through use of BYU–Hawaii IT Resources.