Confidentiality of Data
Each employee, consultant, student, or person granted access to data and information holds a position of trust and must preserve the security and confidentiality of the information he/she uses. Users of University data and information are required to abide by all applicable Federal and State guidelines and University policies regarding confidentiality of data. All users of University data and information must read and understand Information Technology's policies and understand how these policies apply to their respective job functions.
Any employee or person with authorized access to Winston-Salem State Universityâ??s computer resources, information system, records or files is given access to use the Universityâ??s data or files solely for the business of the University. Specifically, individuals should:
- Access data solely in order to perform his/her job responsibilities.
- Not seek personal benefit or permit others to benefit personally from any data that has come to them through their work assignments.
- Not make or permit unauthorized use of any information in the Universityâ??s information system or records.
- Not enter, change, delete or add data to any information system or files outside of the scope of their job responsibilities.
- Not include or cause to be included in any record or report, a false, inaccurate or misleading entry.
- Not alter or delete or cause to be altered or deleted from any record, report or information system, a true and correct entry.
- Not release University data other than what is required in completion of job responsibilities.
- Not exhibit or divulge the contents of any record, file or information system to any person except as it is related to the completion of their job responsibilities.
Additionally, individuals are not permitted to operate or request others to operate any University data equipment for personal business, to make unauthorized copies of University software or related documentation, or use such equipment for any reason not specifically required by the individualâ??s job description.
It is the employee's responsibility to report immediately to his/her supervisor any violation of this policy or any other action, which violates confidentiality of data.
Security Measures and Procedures
All users of University information systems are supplied with a network account to access the data necessary for the completion of their job responsibilities. Users of the University information systems are required to follow the procedures outlined below:
- All transactions, processed by a user ID and password, are the responsibility of the person to whom the user ID was assigned. The user's ID and password must remain confidential and must not be shared with anyone.
- Do not use anyone else's password. Using someone else's password is a violation of policy, no matter how it was obtained.
- Do not share your password with anyone. Your password provides access to information that has been granted specifically to you. To reduce the risk of shared passwords, remember not to post your password on or near your workstation.
- It is your responsibility to change your password immediately if you believe someone else has obtained it.
- Access to any student or employee information (in any format) is to be determined based on specific job requirements. The appropriate Director, Chair, Dean, and/or Vice Chancellor is responsible for ensuring that access is granted only to authorized individuals, based on the performance of their job. Written authorization must be received by Information Technology prior to granting system access.
You are prohibited from viewing or accessing additional information (in any format) unless you have been given the proper written authorization. Any access obtained without written authorization is considered unauthorized access.
- To prevent unauthorized use, the user shall log off all applications that are sensitive in nature when leaving the workstation. An alternative is to establish a workstation password to lock your session. This is especially important during breaks, lunch and at the end of the workday.
- Passwords are required to be changed by University systems every ninety days, however, if there is reason to believe they have been compromised or revealed inadvertently, you should manually change your password immediately. If you need help in changing your password, please call the Help Desk at x3431. Additionally, notify your supervisor immediately if you suspect unauthorized use of your password.
- Upon termination or transfer of an employee, the responsible department manager will complete the necessary forms as required by IT Policy 1.5 for Computer Systems Access.