FAQs for protecting nonpublic information

Washington State University is committed to protecting confidential, nonpublic university information. But achieving that goal is an ongoing battle that requires the support and understanding of all employees. To help employee’s better fight identity theft at WSU, the university’s Data Taskforce and Information Technology Services provides the following answers to some of the most frequently asked questions on the topic.

Q: How is university information classified?

A: In three categories: public, nonpublic and confidential information. Public information, such as the Campus Directory, is of interest to the general public. Nonpublic information is required for the operation of the university and is not appropriate

to the general public. Confi dential information is restricted for legal reasons; personal information is considered onfidential.

Q: What does the university consider confidential information?

A: Confidential information is defined by state law under RCW 42.56.590, Personal Information – Notice of Security Breaches. Confidential information includes: Social Security number, payment card information, financial records, student education records, personnel records, medical records, driver’s license number, race and ethnicity, veteran status and disability information.

Q: What are the consequences if confidential data is compromised?

A: The cost of notifi cation for each incident can be quite high. If the university fails to notify the victim(s), the costs of civil lawsuits could be in the millions of dollars. The cost to the university’s image would be substantial.

Q: Is the university removing Social Security numbers from business forms?

A: The WSU ID number has replaced Social Security numbers on many business forms. Over time more forms will be converted to use WSU ID. Departments should start using the converted forms immediately.

Q: Do I need to keep copies of I-9 forms on file?

A: Departments on the Pullman campusdo not need to keep photocopies of the employment eligibility verifi cation I-9 form or supporting documentation because the offi cial (original) copy is maintained in Human Resource Services. Units outside Pullman are required to maintain the offi cial (original) file and submit a copy to HRS. Employing units should exercise due diligence and care in transferring this or other sensitive information to HRS. If hand-delivery is not possible, sealed envelopes should be used.

Q: Can nonpublic and/or confi dential information be stored on portable computing devices?

A: Nonpublic and/or confi dential university information may be stored or transported on laptops/tablets, USB drives, CD-ROM, DVD, etc., only as required for university business. When storing or transporting such information on a portable device/medium, it must be protected from disclosure using practices such as device locks or information encryption.

Q: Can I access nonpublic and confidential information if I work at home under a telework agreement?

A: Departments must ensure telework agreements with employees provide a mechanism for the secure transmission of information between the users and the university. Any time work involving nonpublic and confidential information is performed

remotely, procedures must be in place to ensure all computing devices used to access such data are secured in a manner equivalent to onsite work stations.

Q: How do I address the retention and disposal of nonpublic and/or confidential information?

A: Departments are responsible for retaining and disposing of university records in accordance with retention periods approved by RCW 40.14. Refer to the WSU Business Policies and Procedures Manual, section 90.01, for details. Nonpublic and/or confidential information must be disposed of in a manner that will make the information unrecoverable. Information residing on a computer or storage medium should be removed before passing the device on to another employee unless that individual is assuming the role/duties and has the same information-access privileges as the previous user.

Q: How long does it take to get access to Administrative Information Systems (AIS) applications like HEPPS?

A: Prospective users of AIS must complete an access request form (BPPM 85.33.1) approved by a department chair or administrator and the appropriate data custodian before IT Services can provide access. On average, once the appropriate paperwork has been received, the process takes one to two days to complete.

Next Story

Birthday wishes for WSU’s 134th

Washington State University was founded on March 28, 1890. To celebrate WSU’s 134th birthday, all campuses got involved.

Recent News

Provost finalists visiting the week of April 1

Finalists in the process of interviewing for the position of provost and executive vice president will present to the public during their visits to WSU next week.

McCoy named interim WSU athletic director

A widely recognized leader in intercollegiate athletics, McCoy will serve while a national search is conducted for the next athletic director.

WSU to review administrative structure

President Kirk Schulz used his annual State of the University Address to highlight both achievements and challenges while also announcing a planned review of WSU’s administrative structure and academic programs.