Wheeling Jesuit University

Human Resources

Human Resources Home
Policies Home
  Academics
  Athletics
  Campus Life
  Counseling
  Enrollment
  Physical Plant
  Finance
  Human Resources
  ITS
  Mission & Ministry
  Campus Safety &   Security

  HIPAA

  Title IX Site
   Policy
   Grievance Procedure
   Coordinators



Email: hr@wju.edu
Phone: 1-304-243-8152


Worplace Practices: Information Security


Date approved:
April 2011
Approved by:
William C. Rickle, S.J.
Date to be reviewed:
April 2017
Reviewed by:
Director of Human Resources
Date revised:
April 2016
Revision number:
4.0

Image of a printer icon that allows you to click and print the page.

1.0 PURPOSE

All employees of Wheeling Jesuit University are responsible for protecting against the unintended or unauthorized disclosure of information to either internal or external sources. Furthermore, the University respects the information associated with the business practices of other institutions and organizations. Consequently, the acquisition or collection of information from other institutions and organizations is also regulated and employees will be held to the same standards in obtaining that information. This policy is not intended to discourage concerted activity such as discussion or efforts among employees to change the working conditions or terms of employment.

2.0 POLICY STATEMENT

2.1 Definitions

2.1.1 "Information" includes printed or electronic files, emails, and the content of verbal communications.

2.1.2 "Protection" refers to the security of the information from inception through disposal, including retention, storage, and transfer.

2.1.3 "Hierarchy of Security" refers to the level of protection applied to the Information.

2.1.4 "Sharing" means conveyance of information including, but not limited to, transmission via copying, mailing, electronic transfer or speech. This also includes receipt of Information, the acquisition of which could adversely affect the University's reputation.

2.1.5 "Nondisclosure Agreement", or NDA, is a legal instrument designed to protect Information deemed "Restricted" by the University.

2.1.6 "Senior Leadership" includes the President's direct reports.

2.1.7 "Senior Administration" includes Senior Leadership, department directors, officers, and those who have specific budgetary responsibilities. Faculty chairs will be equivalent.

2.2 Coverage

Information that is to be protected includes data specific to Wheeling Jesuit University and data obtained from or supplied to a third party. University supervisors, directors, and administrators are to apply the appropriate level of protection, according to the Hierarchy of Security, associated with the Information that they manage and share. Secretaries, administrative assistants, staff employees, and student workers are to respect the protection associated with Information and understand that they are functioning as an extension of their supervisors; therefore, they are bound to comply with the same protection as the supervisor to whom they are assigned.

2.3 Hierarchy of Security

2.3.1 Public: Information of general knowledge that can be shared freely among the public or employees of the University including university calendars, brochures, mission statements, etc., and all published information delivered in any form or media (paper, radio, television) or on the website.

2.3.2 Private-Confidential: Incudes two types of information:

  • Private - Personal information on individual employees and students where access is controlled according to federal, state or local regulations including: individual personnel files protected by state laws, individual medical files protected by HIPAA, and student files and academic records protected by both HIPAA and FERPA. Permission to access this information (such as inspecting files) or pass it to a third party (such as insurance providers for quotes) will be granted to specific University employees in accordance with their job descriptions and applicable federal, state or local regulations and in compliance with necessary security measures to maintain individual privacy. Employee addresses, phone numbers, email, and cell phones, in addition to University benefits plans and salary & wage scales, are not private or covered by federal, state, or local regulations.
  • Confidential - Includes departmental budgets, grants, etc. This information is protected on a "needs-to-know" basis among senior administration and faculty chairs. Permission to access this information may be granted to specific individuals below senior administration and faculty chair in accordance with the directives of senior administration and the approval of senior leadership.

2.3.3 Restricted: Information that is protected because of its proprietary nature. This information includes: proprietary
University budgets and financial information, technology, grants, information of a strategic or proprietary nature, intellectual capital, research impacting a program or the potential start-up of an entrepreneurial outgrowth, legally protected files designated attorney-client privilege, etc., as well as proprietary information on donors, alumni, or business partners. etc. This Information is protected on an "eyes-only" basis among University senior leadership and can only be shared at that level or above. Every individual on University senior leadership must have an NDA on file in the Human Resources Department when they are appointed to this level. If it is appropriate for an employee outside of University senior leadership to handle restricted information, that employee shall be preapproved by the President and sign an NDA beforehand.

2.4 Identifying / Handling Information

2.4.1 Information that is shared jointly among University administration and faculty shall be considered Private-Confidential. Other employees who, in the course of their employment, handle such Information for a supervisor shall consider it Private-Confidential and comply with any applicable federal, state or local regulations.

2.4.2 All information that is Restricted shall be handled by senior leadership only (exception: permission may be granted to
senior administration). If it is to be circulated below that level is should be identified at the time of dissemination and any employee handling such information must sign a NDA beforehand.

2.4.3 The University will employ legal and ethical means to collect and disseminate Information and will not collect or disseminate such Information unless the party from whom the Information is obtained or to whom the Information is sent is agreeable to the University's application of that Information.

2.4.4 Employees may not disclose Restricted data or Private - Confidential information protected by HIPAA, FERPA, Personnel File Laws, or information of a proprietary nature regarding employees, students, business partners, vendors or customers with family, student workers and other University employees not authorized to have access to the Information or download such Information to personal devices. Employees should avoid leaving Private- Confidential or Restricted Information lying openly on desks, computer monitors or copiers; and printing on remote printers and failing to retrieve the Information immediately afterward. There is no prohibition on employees discussing their wages, benefits, or public information such as phone numbers, addresses, or contact information either inside or outside the workplace.

2.5 Consequences for Failure to Adhere

Individuals who fail to adhere to this Policy may be disciplined according to the policy on Corrective Discipline. Such discipline may range from a simple memo placing them "on notice" or counseling session up to and including termination. The level of discipline will be determined according to the policy, if it is a minor or major infraction, number of prior occurrences, type of Information shared, intent of the party, and exposure to the University.

3.0 AUTHORIZATION

The Director of Human Resources may change this policy at any time, with or without notice, and all such changes must be approved by the University President or his designee.

4.0 ATTACHMENTS

Nondisclosure Agreement


Job Opportunities | Calendar | President's Welcome | Virtual Campus Tour | Services | Financial Aid | Campus Directory | Title IX | Apply Online


© 2016 Wheeling Jesuit University, Inc. • 316 Washington Avenue • Wheeling • West Virginia • 26003 • 304-243-2000 • Legal
Website Powered by ActiveCampus™ Software by Datatel