Confidentiality of Human Resources Information

Summary of Personal Responsibilities

Highly confidential information, such as the information available in Human Resources records and reports, must be secured and must never be shared.

While much of the information security policy focuses on our legal obligations and the process of determining and communicating the sensitivity of information owned by or entrusted to the University, it also contains a number of requirements to which anyone who handles such information must adhere. In summary:
  • You are responsible for your use or misuse of confidential information.
  • You must not in any way divulge, copy, release, sell, loan, review, alter or destroy any information except as properly authorized within the scope of your professional activities.
  • You must take appropriate measures to protect confidential information wherever it is located, e.g., held on physical documents, stored on computer media, communicated over voice or data networks, exchanged in conversation, etc.
  • You must safeguard any physical key, ID card or computer/network account that allows you to access confidential information. This includes creating computer passwords that are difficult to guess.
  • You must render unusable confidential information held on any physical document or computer storage medium (e.g., diskette, CD, magnetic tape, hard disk) that is being discarded.
  • You must report any activities that you suspect may compromise confidential information to your immediate supervisor or to the University IT Security Officer.

For the rest of this policy, please see: