The University of Georgia is committed to the responsible use of sensitive information collected from and about its students, faculty, staff, business partners and others who provide such information to the university. This commitment is in accordance with both state and federal regulations concerning the use of sensitive information. Such sensitive information includes information that could be used to cause financial harm or reputational harm to any individual. This policy applies to personally identifiable sensitive information and how it is collected.
The purpose of this policy is to protect the privacy of individuals who have sensitive information stored (either in electronic or paper form) on assets owned by The University of Georgia, while at the same time providing the University the ability to share this information with authorized entities as required by policy or law.
The responsible use of sensitive information requires that the University respect individual privacy, protect against identity theft and other unauthorized uses, and comply fully with all laws and government regulations in the collection, use, storage, display, distribution and disposal of such information. Authorized uses of sensitive information within the University are limited to uses which a) are necessary to meet legal and regulatory requirements; b) facilitate access to services, transactions, facilities and information; or c) support efficient academic and administrative processes.
Access to sensitive information is limited to:
Social Security numbers are always considered confidential and are therefore subject to the access restrictions described above. The University will continue to collect and maintain Social Security numbers in all instances in which that number is required by law for reporting or other uses. This includes, but is not limited to, all enrolled students who are U.S. citizens or permanent residents. In addition, the University will continue to use Social Security numbers, as allowed by law, for operational purposes for which there is no reasonable substitute.
The University, its faculty, staff, and students must abide by all state legal regulations pertaining to Social Security Number protection.
It is against both state law and University policy to:
Each University department/unit is responsible for implementing, reviewing and monitoring internal policies, practices, etc. to assure compliance with this policy.
The Office of Chief Information Officer is responsible for enforcing this standard.
Violation of this policy may incur the same types of disciplinary measures and consequences as violations of other University policies, including progressive discipline up to and including termination of employment, or, in the cases where students are involved, reporting of a Student Code of Conduct violation.