Wheeling Jesuit University
Search

Human Resources

Human Resources Home
Policies Home
  Academics
  Athletics
  Campus Life
  Counseling
  Enrollment
  Facilities
  Finance
  Human Resources
  ITS
  Mission & Ministry

  FERPA
  HIPPA
  Title IX



Email: hr@wju.edu
Phone: 1-304-243-8152


Worplace Practices: Information Security


Date approved:
April 2011
Approved by:
 
Date to be reviewed:
March 2011
Reviewed by:
Chief of Staff
Date revised:
 
Revision number:
1.0
 
Compliance Committee:
As Scheduled

1.0 PURPOSE

All employees of Wheeling Jesuit University are responsible for protecting against the unintended or unauthorized disclosure of information to either internal or external sources. Furthermore, the University respects the information associated with the business practices of other institutions and organizations. Consequently, the acquisition or collection of information from other institutions and organizations is also regulated and employees will be held to the same standards in obtaining that information.

2.0 POLICY STATEMENT

2.1 Definitions

  1. "Information" includes printed or electronic files, emails and the content of verbal communications.
  2. "Protection" refers to the security of the information from inception through disposal, including retention, storage and transfer.
  3. "Hierarchy of Security" refers to the level of Protection applied to the Information.
  4. "Sharing" means conveyance of Information including, but not limited to, transmission via copying, mailing, electronic transfer or speech. This also includes receipt of Information, the acquisition of which could adversely affect the University's reputation.
  5. "Nondisclosure Agreement", or NDA, is a legal instrument designed to protect Information deemed "Restricted" by the University.

2.2 Coverage

Information that is to be protected includes data specific to Wheeling Jesuit University and data obtained from or supplied to a third party. University supervisors, directors and administrators are to apply the appropriate level of security amount of Protection, according to the Hierarchy of Security, associated with the Information that they manage and share. Secretaries, administrative assistants, staff employees and student workers are to respect the Protection associated with Information and understand that they are functioning as an extension of their supervisors; therefore, they are bound to comply with the same Protection as the supervisor to whom they are assigned.

2.3 Hierarchy of Security

  1. Public: Information of general knowledge that can be shared freely among the public or employees of the University including university calendars, brochures, mission statements, etc.
  2. Private-Confidential: Information pertaining to specific individuals or departments that is controlled by necessity or federal, state or local regulations, including individual personnel files, student files and academic records, financial data pertaining to a department within the University, technology, funding, etc. This information is protected on a "needs-to-know" basis among management and administration and can only be shared at that level or above. All such designations will be made in accordance with any applicable federal, state or local regulations.
  3. Restricted: Information that is protected because its dissemination could damage either the University or individuals within the University including undisclosed University financial data, information of a strategic or proprietary nature, intellectual capital, technology and research impacting a program or the potential start-up of an entrepreneurial outgrowth, etc. This Information is protected on an "eyes-only" basis among University administrators and can only be shared at that level or above. If it is appropriate for an employee outside of University administration to handle restricted information, that employee shall be preapproved by the President and sign an NDA beforehand. All such designations will be made in accordance with any applicable federal, state or local regulations.

2.4 Identifying / Handling Information

  1. Information that is shared jointly among management and University administration shall be considered Private- Confidential. Other employees who, in the course of their employment, handle such Information for a supervisor shall consider it Private-Confidential and comply with any applicable federal, state or local regulations.
  2. All information that is Restricted shall be handled at the level of University administration only. If it is to be circulated below that level is should be identified at the time of dissemination.
  3. The University will employ legal and ethical means to collect and disseminate Information and will not collect or disseminate such Information unless the party from whom the Information is obtained or to whom the Information is sent is agreeable to the University's application of that Information.
  4. Employees may not: engage in unauthorized discussions of Private-Confidential and Restricted Information with friends, family, student workers and other University employees not authorized to have access to the Information; disseminate or discuss such Information with outside individuals absent the University's consent; and download such Information to personal devices. Employees should: avoid holding authorized discussions in public venues; leaving Private-Confidential or Restricted Information lying openly on desks, computer screens or copiers; and printing on remote printers and not accessing the Information immediately afterward.

2.5 Consequences for Failure to Adhere

Individuals who fail to adhere to this Policy may be disciplined. Such discipline may range from a simple memo or counseling session wherein the employee is informed of individual obligations under this Policy through corrective discipline up to and including termination. The level of discipline will be determined by prior occurrences, type of Information shared, intent of the party and exposure to the University.

3.0 AUTHORIZATION

The VP for Information Technology, in conjunction with the Director of Human Resources, has the authority to approve changes or exceptions to this policy at any time with or without notice, provided such changes are in compliance with other policy guidelines.

4.0 ATTACHMENTS



Job Opportunities | Calendar | President's Welcome | Virtual Campus Tour | Services | Financial Aid | Campus Directory | Apply Online


© 2014 Wheeling Jesuit University, Inc. • 316 Washington Avenue • Wheeling • West Virginia • 26003 • (800) 624-6992 • Legal
Website Powered by ActiveCampus™ Software by Datatel