Protecting Confidential Information

Wellesley College is committed to protecting the security and privacy of information. 

College employees routinely have access to sensitive college data (electronic and physical), some of which is protected by Federal, state, or local laws and regulations.  As such, the College maintains a number of policies that outline expectations regarding the protection of this information.

Requirements for Protecting Personal Information

In compliance with Massachusetts regulations ( 201 CMR 17.00 ), College policy establishes additional requirements for safeguarding Personal Information (PI).  For more detailed information about these requirements, see the College’s Written Information Security Program.  

To safeguard PI or other confidential data, here are some general rules that must be followed:

  • Never store PI or confidential data on any mobile devices, including notebook computers, smart phones, external hard drives, USB thumb drives, CDS, etc. 
     
  • Paper records containing PI or confidential information must be kept in locked files.
     
  • Electronic records containing PI or confidential information must be stored on secure servers, and, when stored on authorized desktop computers, must be password protected.  To request access for storage on the College's secure servers click here.
     
  • When it is necessary to remove records containing PI or confidential data off campus, employees must safeguard the information and never leave them unattended.
     
  • When there is a legitimate need to provide records containing PI or confidential information to a third party, electronic records are password-protected and encrypted, and paper records are marked confidential and securely sealed.

* Personal Information (PI) is defined by Massachusetts General Law 93H as any data that contains an individual’s first name and last name (or first initial and last name) in combination with any of the following data elements that relate to the individual:

(a) Social security number;
(b) Driver's license number or government-issued identification card number; or
(c) Financial account number, or credit or debit card number that would permit access to a resident's financial account.

catch of the day

6/4: Phishing: From "IT Help Desk" about OUTLOOK WEB ACCESS

Report phishing 
Identify phishing

SERVICE ALERTS

LTS News

 

In the works