Trinity College is starting a new security initiative. Departments will be appointing key colleagues to enhance security practices in their area. The Risk Management Team provides a Written Information Security Program.
The college is committed to protecting the security and privacy of information. College employees routinely have access to sensitive data, some of which is protected by Federal, State or local laws.
Protecting Confidential Information
Personal Information (PI) is defined as any data that contains an individual’s first name and last name (or first initial and last name) in combination with any of the following data elements that relate to the individual:
(a) Social security number;
(b) Date of birth;
(c) Driver's license number or government-issued identification card number; or
(d) Financial account number, or credit or debit card number that would permit access to a person's financial account number, with or without any required security code, access code, personal identification number, or password.
To safeguard PI or other confidential data, here are some general rules that must be followed:
- Never store PI or confidential data on any mobile devices, including notebook computers, smart phones, external hard drives, USB thumb drives, etc.
- Paper records containing PI or confidential information must be kept in locked files.
- Electronic records containing PI or confidential information must be stored on secure servers, and, when stored on authorized desktop computers, must be password protected.
- When it is necessary to remove records containing PI or confidential data off campus, employees must safeguard the information and never leave them unattended.
- When there is a legitimate need to provide records containing PI or confidential information to a third party, electronic records are password-protected and encrypted, and paper records are marked confidential and securely sealed.