Sensitive Data Policy Guide

Purpose

This document is not intended to serve as official policy, but rather as a guide to aid UNT System webmasters using Central Web Services resources. We strongly encourage all web content owners and editors to familiarize themselves with the policies linked herein to ensure that all applicable UNT policy and state and federal laws are being met.

What is Sensitive Data?

Sensitive data is personal data that is protected from public disclosure by university policy, state or federal law. The following are all examples of sensitive data:

  • Personal data
    • Social Security Numbers (SSNs)
    • Anything that may be used to facilitate identity theft (e.g., mother's maiden name)
  • Financial data
    • Credit Card numbers
    • Tax information
  • Student data (protected by FERPA)
    • Transcripts
    • Grades
    • Student ID numbers
  • Health data (protected by HIPAA)
    • Medical records
    • Insurance information
  • UNT's proprietary data
    • EMPL IDs
  • Human subjects research data

The previous items by no means constitute a complete list, but are provided as a general guide. As a very rough rule of thumb, if you wouldn't want a certain piece of information about yourself available to the general public, it would probably be considered sensitive data.

What Sensitive Data may be stored on Central Web Services servers?

No sensitive data may be stored on Central Web Services servers, whether or not access controls have been put in place. There are two major reasons why this is the case:

  • The services provided by Central Web Services are intended for public-facing brochure and informational websites. Central Web Services does not have the resources required to ensure that data stored on any of the hundreds of sites we host is in compliance with all legal and policy requirements.
  • UNT System’s Information Security Officer has determined that Central Web Services’ shared hosting architecture does not meet the standards required for compliance with the various relevant state and federal laws.

What do I do if my site collects or stores Sensitive Data, or I may have the need to do so?

Simply contact Central Web Services by submitting a support request and we will gladly work together with you, Information Security and any other applicable groups. It is ITSS’s goal to ensure that your business needs are met while ensuring compliance with all applicable policy and law.

Resources

 

Revised: 5/19/2021