UW Data and Your Responsibilities
University of Washington employees depend on UW data to support coordination and collaboration, effective decision support, and efficient operations University-wide. Be mindful that UW data are owned by the UW, regardless of where they are created, managed, or stored (e.g. email, UW systems, Google or Microsoft cloud services, personal smartphones, iPads or other mobile computing devices).
As a UW employee, you are responsible for protecting UW data, such as student records, health information, financial data, and other forms of personally identifiable information. Part of your responsibility includes knowing the applicable APSes, standards and guidelines. Please see http://passcouncil.washington.edu/psg/ for a complete list.
For further information, please contact the following resources
The University of Washington is committed to protecting the privacy and confidentiality of personal information related to students, faculty, staff, and other individuals associated with the University. The University recognizes the risk and impact that the improper disclosure of SSNs can have on individuals who have entrusted this information to the organization.
Everyone who is accountable for the management or use of SSN data must also become familiar with other university-wide and departmental policies and procedures related to records management and security, which are published separately.
For more information about policies, training, and Frequently Asked Questions (FAQs) in relation to the protection of SSN data, please see:
UW Resources for Safeguarding Social Security Numbers (SSNs) from the PASS Council
Here’s an excerpt from the policy:
To avoid or reduce Internet fraud, University units, including, but not limited to education, research, patient care, and service areas (internal and external to the University), and University workforce members shall not:
- Send unsolicited email (where the recipient has not granted permission for the message to be sent) to individuals that asks them to reply with confidential information; and
- Send unsolicited emails to individuals that ask them to click embedded links to University web self-service transactions that require entry of confidential information.
Unsolicited email does not include email sent from a University unit, including, but not limited to education, research, patient care, and service areas (internal and external to the University), to individuals who receive services from, or have an ongoing relationship with, the unit.
The Office of the CISO has information about phishing risks and best practices: http://ciso.washington.edu/resources/risk-advisories/phishing/