Ursinus College Uniform Employee Agreement Regarding Confidential and Proprietary Information
I understand that my access to confidential data, information, and records (hereinafter “Confidential Information”) whether written or maintained in Ursinus College’s computer systems (hereinafter “Computer Systems”) is limited to my need to know for the purpose of performing my duties as a college employee.
Access to Confidential Information via Computer Systems may only be requested by supervisors and data owners via the “Employee Resource and Access Request Form” available at http://campusweb.ursinus.edu/intranet/apps/EmployeeRequest/default.aspx .
Access to certain information or specific computer systems may have additional security requirements beyond those contained in this agreement.
Confidential Information includes, but is not necessarily limited to, Social Security numbers, confidential personnel records, confidential medical records (records covered by federal law under the “Health Insurance Portability and Accountability Act of 1996”), student education records (records covered by federal law under the “Family Educational Rights and Privacy Act of 1974” and Ursinus policy under “Confidentiality of Student Records, 1996”) and credit card information (records covered by Payment Card Industry Data Security Standard).
By my (electronic) signature below, I acknowledge that I have been advised of, understand, and agree to all the policies outlined in the “Responsible Use of Ursinus College Information Technology Resources” available at Responsible Use and any policies and legal requirements regarding the distribution of copyrighted material, including unauthorized peer-to-peer file sharing, available here, as well as any pertinent sections of the Faculty Handbook, and any relevant Human Resources policies located here.
In addition, I understand that I am expected to adhere to the following statements:
- I will only use my authorized access to Confidential Information in the performance of the duties assigned to me as a College employee.
- I will avoid disclosure of Confidential Information to unauthorized persons without the appropriate consent or permission or except as permitted under applicable College policy and/or Federal or State law. I understand and agree that my obligation to avoid such disclosure will continue even after I leave the employment of Ursinus College.
- I will promptly report any and all violations or suspected violations of security policies to firstname.lastname@example.org or the CIO. I will also report any inappropriate or non-essential access to Confidential Information.
- I will maintain all personal Computer System logins and passwords assigned to me in confidence. I will not disclose passwords to any other person or authorize others, whether in the employ of the college or not, to use my passwords and account information for any purpose.
- I will utilize my computer(s) in a secure fashion; I will not allow unauthorized individuals to use my workstation or laptop. I will always lock or logout of my workstation when leaving it unattended. In addition, I will select secure passwords that will be changed regularly. Passwords will not be written down and stored in an insecure fashion.
- I will never require nor request that individuals send Confidential Information via an insecure method (e.g. e-mail) for a College related purpose.
- I will never send Confidential Information over the internet to a third party, unless for an authorized and approved business purpose. If I am sending Confidential Information to an authorized third party, I will only use secure connections and any Confidential Information will be encrypted.
- I will never send documents containing Confidential Information through postal mail, except on applications or on forms when required by law.
- I will not post, copy, enter or otherwise provide Confidential Information to any unauthorized third party applications or websites. This includes but is not limited to, social media sites, survey services, cloud storage providers, cloud based document editors or third party e-mail systems.
- If I am using College provided systems, or approved third party systems, which provide web based access to Confidential Information I will not use mechanisms that automatically remember my password; I will also ensure that Confidential Information is not stored in cache files on my computer by clearing my browser’s cache files upon exit.
- I will comply with all controls established by Information Technology for the use of Confidential Information maintained within any Computer Systems.
- I will exercise care to protect Confidential Information against accidental or unauthorized access, modifications, disclosures, or destruction.
- I will ensure that if I store or travel with any Confidential Information, whether in electronic or physical form, I will take appropriate security measures to prevent damage, loss or theft. This includes the use of encryption on any files containing Confidential Information that are stored on a laptop or removable media.
- When discussing Confidential Information with other employees in the course of my work, I will exercise care to keep the conversation private and not be overheard by others who are not authorized to have access to such Confidential Information. I will not store nor leave printed or written Confidential Information in plain sight of third parties.
- I understand that any violation of this Agreement, the Responsible Use Guide, Health Insurance Portability and Accountability Act of 1996, “Family Educational Rights and Privacy Act of 1974” and Ursinus policy “Confidentiality of Student Records, 1996”) or HEOA statement may result in immediate termination of my access to Computer Systems and could constitute just cause for disciplinary action including termination of my employment regardless of whether criminal or civil penalties are imposed.