Increasingly, confidential information about employees, students and others resides in W&L's information and business systems to assist with overall operations. Laws and regulations dealing with information and data privacy and security obligate employers and institutions of higher education to take affirmative steps to safeguard confidential information and deal with the risks of information security and privacy breaches proactively.
The purpose of this policy is to inform employees, student workers, and volunteers of their duty to protect and safeguard all confidential information acquired during the course of employment or service to Washington and Lee University.
This policy applies to all faculty and staff employees, student workers, and volunteers of Washington and Lee University.
Confidential Information includes, but is not limited to: any personally-identifiable student and parent records, financial records (including social security and credit card numbers), and health records; contracts; research data; alumni and donor records; personnel records other than an individual's own personnel records; University financial data; computer passwords, University proprietary information/data; and any other information for which access, use, or disclosure is not authorized by: 1) federal, state, or local law; or 2) University policy or operations.
The following principles govern confidentiality at Washington and Lee University:
- Documents and files (both electronic and hardcopy) containing confidential information are to be accessed, used, and disclosed only with explicit authorization and only on a need-to-know basis for either an employee's job functions or volunteer's service.
- All employees, student workers, and volunteers have a duty to use available physical, technological, and administrative safeguards, in accordance with University policies and procedures, to protect the security of all confidential information in whatever form or medium.
- Violation of this policy may result in disciplinary action being taken against the responsible employee, student worker, or volunteer. Disciplinary action may include, but is not limited to, suspension, termination of employment, and/or possible criminal or civil prosecution under Federal or State statutes.
- Upon conclusion of an employee's employment or of a student worker or volunteer's service, or upon request of a supervisor, employees, student workers, and volunteers will return originals and copies of all documents and files (whether electronic or hardcopy) containing confidential information to the University and relinquish all further access to and use of such information.
Nothing in this policy prohibits employees from discussing the terms and conditions of their employment as authorized by law.
4/9/2012 -- Revised policy section to clarify applicability to discussion of terms and conditions of employment.