Box Data Sensitivity and Usage Statement
| Data Type | OK to Use Box? |
|---|
| Non-Confidential University Data | YES |
| FERPA Data | YES |
| HIPAA Data | NO |
| Social Security Number | NO |
| Credit Card Data | NO |
| ITAR/EAR | NO |
| Human subject research data | With IRB
approval |
| All Other Confidential University Data | LSP* |
* LSP - Some confidential university data may be permissible with appropriate compensating controls. Talk to your Local Support Provider (LSP) for details about your needs and how to protect this data.
Questions or concerns? Contact ISC Information Security (security@isc.upenn.edu) or the Privacy Office (privacy@upenn.edu
Confidential University Data includes:
Sensitive Personally Identifiable Information
Information relating to an individual that reasonably identifies the individual and, if compromised, could cause significant harm to that individual or to Penn. Examples may include, but are not limited to, Social Security numbers, credit card numbers, bank account information, student grades or disciplinary information, salary or employee performance information, donations, patient health information, information Penn has promised to keep confidential, and account passwords or encryption keys used to protect access to confidential University data.
Proprietary Information
Data, information, or intellectual property in which the University has an exclusive legal interest or ownership right, which, if compromised, could cause significant harm to Penn. Examples may include, but are not limited to, business planning, financial information, trade secrets, copyrighted material, and software, or comparable material from a third party when the University has agreed to keep such material confidential.
Other data
Other data whose disclosure would cause significant harm to Penn or its constituents.
Last updated: Thursday, August 9, 2012
|
