Mandatory Guidelines for Student Employee Supervisors
The university's reputation and effectiveness depend on the ability of all employees to manage the university's data and records with care and discretion regardless of its form (electronic, oral, written). ECU's student employees and volunteers are no exception to this mandate, and it is the supervisor's responsibility to ensure that student workers/volunteers understand compliance guidelines concerning sensitive or confidential information.
Supervisors should review the Student Data Confidentiality Checklist and direct that new student hires/volunteers review the Student Confidentiality & Sensitive Data Guidelines available via Blackboard. All ECU students hired into any job type, internship or volunteer position, must complete the Student Employee Confidentiality Agreement available via Blackboard course.
If a student hire cannot access the agreement, please contact firstname.lastname@example.org with both the userid and ECU ID of the student. Copies of the agreement and guidelines are also posted in the Student Employment Resource Folder maintained by the Student Employment Office for student supervisors. To receive access to this folder, send an email message to Jane Rahm at email@example.com.
If you have any questions, please feel free to contact the Student Employment Office at 252.737.4473.
To learn more, visit the Sensitive Date website.
Student Employee Confidentiality & Sensitive Data Guidelines
- Never share your PirateID or passphrase with anyone.
- Never use someone's PirateID to access computer systems.
- Use strong passphrases.
- Protect your passphrase (don't stick it on your computer or desk, don't email it to your personal email account, don't keep it unencrypted in a file on your computer, etc).
- Do not copy or download sensitive data (student records, patient data are two examples) from the university's administrative systems to your PC, Web server, smartphone, laptop, flash drive, etc.
- Never download or copy confidential or sensitive data to your home computer.
- Do not create databases or applications that use SSNs or driver's license numbers as identifiers or key fields.
- Never send confidential or sensitive data electronically unless it is encrypted and authorized by your supervisor.
- Do not send confidential or sensitive data via text, IM or any other electronic means of communication such as Facebook, Twitter, etc. Transmission or storage of confidential or sensitive data is not approved for these communication tools.
- Do not access unauthorized or social networking websites while conducting university business. These sites sometimes contain vulnerabilities that, if downloaded to the university's computer system, could compromise confidential or sensitive data.
- Protect printed confidential or sensitive data by storing it in a locked desk, drawer or cabinet.
- Don't leave unattended sensitive data on a copier, FAX or printer.
- Shred to dispose of confidential or sensitive information.
- Follow department guidelines for data retention.
- Your supervisor should make available to you the appropriate training for working with confidential or sensitive data.
- Your supervisor should make available to you the appropriate training on the appropriate access to and use of the university's administrative systems.
- Avoid social engineers who trick users into sharing sensitive information over the telephone, email or other means.
- Lock your computer when not in use – including when you go to lunch or leave for the day.
- Secure your portable devices.
- When in doubt, ask your supervisor!