All University employees and/or persons with access to University data have a responsibility to respect the highest level of privacy for all members of the University community.
- Do not store personally-identifiable information (PII) about others on either desktop computers, or any portable media (such as laptops, flash drives, etc), even though it may be convenient to do so. The convenience of having the information is not be worth the risk of exposing someone else's identity to theft, and exposing you and the University to the liability and bad publicity that may follow.
- Do not store sensitive information on web servers or other machines that are open to the public. Web servers draw outside users, and provide security holes if they are not constantly patched and kept up-to-date.
- Leave data on the server. Avoid copying or downloading sensitive data from the University's administrative systems to your desktop computer, laptop, web server, PDA, etc. unless absolutely required. Make sure you have permission from your department administrator before downloading.
- Do not send unencrypted sensitive data via email. Email messages can be intercepted by third parties.
- Lock your office doors if no one from your department will be in the office. Protect printed sensitive data in a locked desk, drawer, or cabinet. Don't leave unattended sensitive data on a copier, fax machine, or printer. Shred sensitive data that needs to be discarded.
- Shut down your PC when you leave for the day
- Screen lock computer workstation when leaving it unattended
- Don’t allow anyone else access to your computer in your absence.
- Manage passwords wisely
- Use strong passwords
- Do not post passwords near or on computers
- Never give anyone else your login password, or any password.
- MORE on passwords...
- Use secure connections to access resources. Use the VPN access to securely connect to the Northern network while at home or away.
- Remove all data from all devices (computers, PDAs, cell phones, etc) BEFORE they are transferred to another user or department, sold, or otherwise disposed of.
- use the University ID number of a student in a public posting of grades or any other information.
- link the name of a student with that student’s University ID number in any public manner.
- leave graded tests, papers, or other student materials for students to pick up in a stack that requires sorting through the papers of all students.
- circulate a printed class list with student name and University ID number, photo, or grades as an attendance roster.
- discuss the progress of any student with anyone other than the student (including parents) without the consent of the student.
- provide anyone with lists or files of students enrolled in your classes to anyone.
- provide anyone with student schedules or assist anyone other than university employees in finding a student on campus.
- access the records of any student for personal reasons.
- store confidential student information on any computer unless that information is required and secure from intrusion.
If you’re in doubt about a request for student information, contact the Registrar's office.
Report any fraudulent attempts to obtain student information to the Registrar, who can then report the attempt to the appropriate law enforcement agencies.