78  Institution Privacy Policies COLORADO STATE UNIVERSITY Information Collection and Personal Records Privacy http://policylibrary.colostate.edu/policyprint.aspx?id=493 Policies of Colorado State University University Policy Policy Title: Information Collection and Personal Records Privacy Category: Information Technology Owner: Vice President for Information Technology Policy ID#: 4-1018-007 Contact: Academic Computing and Networking Services Web: http://www.acns.colostate.edu Phone: 970-491-5133 Original Effective Date: 7/21/2005 Last Major Revision: 5/10/2017 Supersedes Policy ID#: 4-1018-001 PURPOSE OF THIS POLICY Colorado State University collects personal information of a sensitive nature to facilitate and enable its business and academic functions. Unauthorized access to such information may have significant negative consequences, including exposing those associated with the university to the risk of identity theft, and adversely affecting the reputation of the University. In addition, the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), Colorado House Bill 03-1175 (the “non-SSN” legislation), the Family Educational Rights and Privacy Act (FERPA), the Payment Card Industry Data Security Standard, and other legislation require various classes of information to be protected from unauthorized access. The University Policy on IT Security addresses security measures for protecting sensitive data. This policy addresses access to and use of certain sensitive information stored in paper or electronic form. APPLICATION OF THIS POLICY These policies encompass best practices that are in general to be applied comprehensively at the University, including third parties accessing University information. Units that own the record are responsible for implementing their aspects of this policy. All users who access sensitive digital information also must conform to this policy. DEFINITIONS USED IN THIS POLICY
Previous Page Next Page