Virtru Protected Information
Use the following breakdown of protected information to assess whether the data you are sharing should be encrypted or protected. Remember, if in doubt, it is best to assume the information should be protected. This is not a comprehensive list, so use your best discretion when making decisions.
Admissions Office
Criminal investigations, Campus Police records and evidentiary materials
Advisory, consultative or deliberative material
Victims records
Documents subject to attorney client privilege
Administrative or technical information regarding computer hardware, software and networks which would jeopardize computer security
Emergency or security information for any building that would jeopardize security of the building or persons therein
Security measures and surveillance techniques
Information required to be kept confidential by court order
Admission applications
Student records (FERPA), grievance or disciplinary proceedings
Student records other than directory information
Social Security Numbers
Unlisted telephone numbers
Student directory information that a student has requested not to be disclosed
Student and employee ID numbers combined with PINs and/or birth dates
Alumni Relations
Victims records
Charitable contributions
Student records other than directory information
Credit card account number, or debit card number and any required security code, access code or password that would permit access to an individual’s financial account (e.g. other cardholder data)
Personal financial information, including checking or investment account numbers
Student and employee ID numbers combined with PINs and/or birth dates
Athletics Department
Student records other than directory information
Student directory information that a student has requested not to be disclosed
Health Information, including Protected Health Information (PHI) and any data covered under the Health Insurance Portability and Accountability Act (HIPAA)
PHI can include data such as information, including demographic data, that relates to:
the individual’s past, present or future physical or mental health or condition,
the provision of health care to the individual, or
the past, present, or future payment for the provision of health care to the individual,
and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number)
Student records (FERPA), grievance or disciplinary proceedings
Criminal investigations, Campus Police records and evidentiary materials
Trade secrets and proprietary commercial or financial information obtained from any source, or information that is the subject of a non-disclosure agreement with the University.
Administrative or technical information regarding computer hardware, software and networks which would jeopardize computer security
Emergency or security information for any building that would jeopardize security of the building or persons therein
Security measures and surveillance techniques
Information that would give an advantage to competitors or bidders
Sexual harassment complaints and investigations
Grievances filed
Business Office
Unlisted telephone numbers
Communications with insurance carriers or risk management officers
Personnel and pension records
Documents subject to attorney client privilege
Information required to be kept confidential by court order
Biotechnology trade secrets
Community Instructors
Student records other than directory information
Student directory information that a student has requested not to be disclosed
Student records (FERPA), grievance or disciplinary proceedings
Trade secrets and proprietary commercial or financial information obtained from any source, or information that is the subject of a non-disclosure agreement with the University.
Administrative or technical information regarding computer hardware, software and networks which would jeopardize computer security
Emergency or security information for any building that would jeopardize security of the building or persons therein
Sexual harassment complaints and investigations
Grievances filed
Faculty
Trade secrets and proprietary commercial or financial information obtained from any source, or information that is the subject of a non-disclosure agreement with the University.
Administrative or technical information regarding computer hardware, software and networks which would jeopardize computer security
Emergency or security information for any building that would jeopardize security of the building or persons therein
Security measures and surveillance techniques
Information that would give an advantage to competitors or bidders
Sexual harassment complaints and investigations
Grievances filed
Collective bargaining negotiations
Test questions, scoring and other examination data
Student records (FERPA), grievance or disciplinary proceedings
Biotechnology trade secrets
Personnel and pension records
Student records other than directory information
Social Security Numbers
Student directory information that a student has requested not to be disclosed
Student and employee ID numbers combined with PINs and/or birth dates
School assigned usernames or other account names combined with unencrypted password string
Driver’s License Numbers
Financial Aid Department
Trade secrets and proprietary commercial or financial information obtained from any source, or information that is the subject of a non-disclosure agreement with the University.
Social Security Numbers
Passport and VISA numbers
Criminal investigations, Campus Police records and evidentiary materials
Driver’s License Numbers
Student records other than directory information
Admission applications
General Users
General User
Emergency or security information for any building that would jeopardize security of the building or persons therein
Security measures and surveillance techniques
Administrative or technical information regarding computer hardware, software and networks which would jeopardize computer security
Information that would give an advantage to competitors or bidders
Biotechnology trade secrets
Health and Disability Services
Medical examiner and other non-PHI medical records
Criminal investigations, Campus Police records and evidentiary materials
Advisory, consultative or deliberative material
Victims records
Documents subject to attorney client privilege
Sexual harassment complaints and investigations
Grievances filed
Communications with insurance carriers or risk management officers
Information required to be kept confidential by court order
Student records (FERPA), grievance or disciplinary proceedings
Student records other than directory information
Protected Health Information (PHI) and any data covered under the Health Insurance Portability and Accountability Act (HIPAA)
PHI can include data such as information, including demographic data, that relates to:
the individual’s past, present or future physical or mental health or condition,
the provision of health care to the individual, or
the past, present, or future payment for the provision of health care to the individual,
and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number)
Health Insurance Policy ID Numbers
Student directory information that a student has requested not to be disclosed
Student and employee ID numbers combined with PINs and/or birth dates
Students
Test questions, scoring and other examination data
Social Security Numbers
Personal financial information, including checking or investment account numbers
Student directory information that a student has requested not to be disclosed
Student and employee ID numbers combined with PINs and/or birth dates
School assigned usernames or other account names combined with unencrypted password string
Student records other than directory information
Seton Hill data is protected under the following guidelines:
Gramm-Leach-Bliley Act (GLBA)
The GLBA Privacy Rule protects a consumer's "nonpublic personal information" (NPI). NPI is any "personally identifiable financial information" that a financial institution collects about an individual in connection with providing a financial product or service, unless that information is otherwise "publicly available."
information an individual gives you to get a financial product or service (information on an application)
information you get about an individual from a transaction involving your financial product(s) or service(s)
information you get about an individual in connection with providing a financial product or service
Family Educational Rights and Privacy Act (FERPA)
Parents or eligible students have the right to inspect and review the student's education records maintained by the school. Schools are not required to provide copies of records unless, for reasons such as great distance, it is impossible for parents or eligible students to review the records. Schools may charge a fee for copies.
Parents or eligible students have the right to request that a school correct records which they believe to be inaccurate or misleading. If the school decides not to amend the record, the parent or eligible student then has the right to a formal hearing. After the hearing, if the school still decides not to amend the record, the parent or eligible student has the right to place a statement with the record setting forth his or her view about the contested information.
Generally, schools must have written permission from the parent or eligible student in order to release any information from a student's education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR § 99.31):
School officials with legitimate educational interest;
Other schools to which a student is transferring;
Specified officials for audit or evaluation purposes;
Appropriate parties in connection with financial aid to a student;
Organizations conducting certain studies for or on behalf of the school;
Accrediting organizations;
To comply with a judicial order or lawfully issued subpoena;
Appropriate officials in cases of health and safety emergencies; and
State and local authorities, within a juvenile justice system, pursuant to specific State law.
Health Insurance Portability and Accountability Act (HIPAA)
The HIPAA Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)."
“Individually identifiable health information” is information, including demographic data, that relates to:
the individual’s past, present or future physical or mental health or condition,
the provision of health care to the individual, or
the past, present, or future payment for the provision of health care to the individual,
and that which identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).
European Union General Data Protection Regulation (EU GDPR)
The data subjects are identifiable if they can be directly or indirectly identified, especially by reference to an identifier such as:
a name, an identification number, location data, an online identifier or one of several special characteristics, which expresses the physical, physiological, genetic, mental, commercial, cultural or social identity of these natural persons.
In practice, these also include all data which are or can be assigned to a person in any kind of way. For example:
the telephone, credit card or personnel number of a person, account data, number plate, appearance, customer number or address are all personal data.