Student Employee Data Confidentiality Agreement

I acknowledge that I understand that, as a student employee of East Carolina University (ECU), I have an obligation to protect any and all confidential and/or sensitive information that I obtain in the course of my employment, whether printed, written, spoken or electronically produced. I further understand and agree to seek my supervisor's direction if questions arise with respect to access, use or disclosure of sensitive information. I further understand that all sensitive ECU information must be accessed and maintained in a confidential and secure manner and that I am only authorized to access such information to the extent I am required to do so in the performance of my employment. Information may not be divulged, copied, released, sold, loaned, reviewed, altered, emailed to others or myself or destroyed except as properly authorized by the appropriate university official within the scope of applicable federal or state laws, and university policies and procedures. I also acknowledge my understanding that university sensitive information must not be downloaded to my personal computer, unauthorized person computers, social networking sites, portable devices (flash drive, CD, etc.) or any unauthorized medium. I agree that I will not copy, forge, alter, defraud, download copies or misuse documents, charge cards, money, checks, records, ECU 1 Cards or student photos of an individual or the university. I understand and acknowledge that such conduct may be a violation of law and/or violation of applicable university policy. Misuse of student information is a violation of the Family Rights and Privacy Act of 1974 (FERPA). I accept complete responsibility for my actions, and I understand and acknowledge that any violation of this agreement or failure by me to protect the confidentiality of ECU's information, including but not limited to any kind of unauthorized access, will be considered unacceptable personal conduct and may result in disciplinary action, up to and including dismissal. I also understand that I am obligated to uphold the ECU Student Code of Conduct and that my actions are subject to the review under the ECU Student Code of Conduct.

East Carolina University | Student Employee Confidentiality and Sensitive Data Guidelines

1. Never share your login ID/Pirate ID or passphrase with anyone.
2. Never use someone's login ID/Pirate ID to access computer systems.
3. Use strong passphrases for your password (don't use something that someone who knows you can easily guess [e.g. GoPirates!]).
4. Protect your passphrase (don't adhere to your computer or desk, don't email it to your personal email account, don't keep it unencrypted in a file on your computer, etc.).
5. Do not copy or download sensitive data from the university's administrative systems to your PC, web server, PDA, Laptop, flash drive, etc.
6. Never download or copy confidential or sensitive data to your home computer.
7. Do not create databases or applications that use SSN or driver's license numbers as identifiers or key fields.
8. Never send confidential or sensitive data electronically unless authorized by your supervisor and data is encrypted.
9. Do not send confidential or sensitive data via text, chat sessions and any other electronic means of communication such as Facebook, Twitter, etc. Transmission or storage of confidential or sensitive data is not approved for these communication tools.
10. Do not use social networking sites or access unauthorized websites while conducting university business. These sites can contain vulnerabilities that can be downloaded to the university's computer systems and compromise confidential or sensitive data.
11. Protect printed confidential or sensitive data. Store confidential or sensitive data in a locked desk, drawer or cabinet.
12. Don't leave unattended sensitive data on copier, fax or printer.
13. Don't throw confidential or sensitive data in the trash; shred it when disposing. Follow your departmental guidelines for data retention.
14. Ensure you receive the appropriate training by your supervisor or departmental contact on how to securely access and handle confidential or sensitive data.
15. Ensure you receive the appropriate training by your supervisor or departmental contact on the functional requirements for access to and use of the university's administrative systems.
16. Avoid social engineers who try to get you to share sensitive information over the telephone, email or by other means.
17. Lock your computer when not in use. Secure your workstation and portable devices. Ask your supervisor whenever in doubt!
18. Visit the IT Security website for additional information on protecting confidential and sensitive data.