To Home Page To Home Page
General Description
Requirements
Policy Provisions
Performance Evaluation
Subject Experts
Definitions of Confidential and Sensitive Information (CSI)
Policy
Document Number: REDFLAG--102 Revision #: 1.0
Document Owner: Executive VP Date Last Updated: 08/17/2012
Primary Author: Executive VP Status: Approved
Date Originally Created: 12/14/2011
General Description
Description:

Information about confidential and sensitive information (CSI).
Purpose:

Delineation of policy and definitions.
Scope:

All faculty, staff, students, and administrators
Responsibility: Administration
 Executive VP
 VP of Business and Finance
Back to Top
Requirements
Relevant Knowledge: In order to comply with this policy you should know:
Current University policy
 Federal statutes
 Standard company policies
 Standards of good practice
 State statutes
Terms and Definitions: Additional training
Corrective Action
Fine
Loss of privilege, general
Termination
 Staff members who knowingly and blatantly violate this policy may be terminated.
Back to Top
Policy Provisions
1.

Definitions of Confidential and Sensitive Information (CSI)

Confidential and Sensitive Information includes, but is not limited to, the following identifiers whether contained in hard copy or electronic format.

 


1.1

Personal Information

1. Social Security Number

2. Social Insurance Number

3. Date of Birth

4. Mother’s Maiden Name

5. Driver’s License Information

6. Professional License Information

7. Paychecks, Pay stubs, Pay rates

8. Passport Information

 


1.2

Financial Information

1. Credit Card Numbers

2. Credit Card Expiration Dates

3. Credit Card CCV Numbers

4. Bank/Credit Union Account Numbers

5. Billing Information

6. Payment History

 


1.3

Medical Information

1. Medical Records

2. Doctor Names and Claims

3. Health, Life, Disability Insurance Policy Information

4. Prescription Information

 


1.4

Business Information

1. Federal ID Numbers

2. Proprietary Information

3. Trade Secrets

4. Business Systems

5. Security Systems

6. Employee Identifiers

7. Student Identifiers

8. Access Numbers / Passwords

9. Customer, Student, Patient Identifiers

10. Vendor Numbers

11. Account Numbers

 
2.

Account

An account is a body of information, or a record, or an individual, group, or entity that is kept for the purpose of transacting on an on-going basis with another individual, group, or entity. The terms “accounts” and “records” are used interchangeably because they share similar functions and characteristics. Both contain identifiable information on an individual,

group, or entity. They each allow for access to products or services, and keep a history of transaction activity.

 


3.

Covered Account

Both new and existing accounts where a continuing relationship exists between the University and an individual, group, or entity are considered “covered accounts.” There are two definitions.

 

1. An account that the University offers or maintains, primarily for personal, family, or household purposes, that involve or is designated to permit multiple payments or transactions. Examples include a credit card account, tuition and fee payment, bookstore purchases, and/or other financial transactions of matriculated and non-matriculated students and of employees.

2. Any other account that the University offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation or mitigation risks.

 


4.

Electronic or Soft Copy Format

Electronic or Soft Copy Format refers to any Confidential and Sensitive Information that exists electronically on CDs, DVDs, phones, computers, networks, portable devices, etc.

 


5.

Hard Copy Format

Hard Copy Format refers to any Confidential and Sensitive Information that exists physically on paper.

 


6.

Physical Access Zone

A physical access zone is a clearly defined physical or implied boundary established to control and limit access to CSI areas.

 


7.

Red Flags

Red Flags are patterns, practices, or specific activities involving covered accounts that indicate the possible risk of identity theft.

.


8.

Service Provider

A service provider is any individual, group, or entity that directly provides a service to the University or on behalf of the University for its customers or clients.

 


9.

Spoken Word

Spoken Word refers to the transfer of Confidential and Sensitive Information verbally or audibly through electronic media.

 
Back to Top
Performance Evaluation
Performance Metrics: Compliance with standard policy and procedure
 Compliance with federal mandate
Consequences: Further training
 Job Termination
 Loss of privileges
Back to Top
Subject Experts
The following may be consulted for additional information.
Executive VP
VP of Business and Finance
Back to Top
This page created 10/30/2012 using Zavanta® version 5.0