Skip To Main Content
Site Name Here
MenuSearchA-ZSeven Schools One UniversitySeven Schools One University

Menu

  • Give
  • Apply
  • Visit
Close Menu
About
  • Administrative Offices
  • Campus Maps
  • Core Values
  • Fast Facts
  • Travel and International Services
  • Other USM Schools
  • Policies and Procedures
  • Strategic Plan
  • Sustainability
  • Middle States
  • MPowering the State
  • News
  • University Leadership
  • UMB Experts Guide
Academics
  • Academic Calendar
  • Academy of Lifelong Learning
  • Blackboard
  • Libraries
  • Office of the Provost
  • SURFS
  • UMB Program Explorer
Admissions
  • Financial Aid
  • International Students
  • Military and Veterans
  • Office of the Registrar
Research
  • Breakthroughs Can’t Wait
  • Offices and Contacts
  • Resources for Investigators
  • Services for Investigators
  • UMB Research Profile
University Life
  • Arts and Culture
  • Bookstore
  • Emergency
  • Housing
  • Museums
  • Parking and Transportation Services
  • Rooms Available on Campus
  • SMC Campus Center
  • Student Organizations
  • Student Policies
  • URecFit and Wellness
  • UMB shuttle
  • Welcome to Baltimore
  • One Card
Info For
  • Current Students
  • Faculty and Staff
  • Alumni and Donors
  • Community Members
Resources
  • The Elm
  • Calendar
  • myUMB
  • Directory
  • Blackboard
  • SURFS
  • Emergency
  • UMB Shuttle
Seven Schools One University

Search

Close Menu
Common Searched Terms
  • Graduation 2025
  • Campus Tour
  • Jobs at UMB
  • Parking
  • Tuition Remission
  • Registrar
  • Qualtrics
  • Human Resources
  • URecFit and Wellness
  • Tuition
  • Help Desk

A–Z

Close Menu
    Policies and Procedures

    Information Technology Policies

    1. UMB Home
    2. About UMB
    3. Policies and Procedures
    4. Library
    5. Information Technology
    6. Information Technology Policies
    • UMB HomeAbout UMBPolicies and ProceduresLibraryInformation TechnologyInformation Technology Policies
    • Information Technology Policies
    • Information Technology Procedures

    UMB Protection of Confidential Information

    X-99.16(A)  |  Information Technology  |  Approved April 13, 2015  |  Last Reviewed April 30, 2024

    Responsible VP/AVP: Peter J. Murray, PhD, CAS, MS

    Applies to: Staff

    Revision History

    Approved April 13, 2015.

    Policy Statement

    Data and information are important assets of the University and must be protected from loss of integrity, confidentiality, or availability in compliance with University policy, state and federal law and regulations. 

    The purpose of this document is to provide guidance in  complying with Section III, Item 3, Confidential Information Standard, of the USM IT Security Standards.  This section states that USM institutions are required to establish an institutional policy for the protection of confidential information.

    Purpose

    This policy is intended to provide University of Maryland Baltimore faculty and staff with a basic understanding of their responsibilities to protect and safeguard the Confidential Information to which they have access as a result of their employment.

    Definitions

    PII – Personally Identifiable Information

    PHI – Protected Health Information

    USM has defined confidential data to include:

    Under State Government Article, §10-1301 (SB 676 - 2012), personal information is defined as:
    An individual’s first name or first initial and last name, personal mark, or unique biometric or genetic print or image, in combination with one or more of the following data elements: 

    a social security number;

    a driver’s license number, state identification card number, or other individual identification number issued by a unit; 

    a passport number or other identification number issued by the united states government; 

    an individual taxpayer identification number; or

    a financial or other account number, a credit card number, or a debit card number that, in combination with any required security code, access code, or password, would permit access to an individual’s account.

    Educational Records, as defined and when protected by 20 U.S.C. § 1232g; 34 CFR Part 99 (FERPA), in the authoritative system of record for student grades

    In addition, any Protected Health Information (PHI), as the term is defined in 45 Code of Federal Regulations 160.103 (HIPAA)

    Policy Statement

    To safeguard PII or other confidential data, the general rules below must be followed:

    All employees with job duties that require accessing confidential information are required to safeguard such information and only use it or disclose it as expressly authorized or specifically required in the course of performing their specific job duties.

    Employees are prohibited from sharing their user credentials or permitting another employee to access sensitive information in data bases and/or systems.

    Employees who have access to confidential information are expected to know and understand associated security requirements, and to take measures to protect the information, regardless of the location of the data, e.g., local personal computers, server file shares, physical storage environments (offices, filing cabinets, drawers), and magnetic and optical storage media (hard drives, diskettes, tapes, CDs, flash drives). Computer display screens should be positioned so that only authorized users can view confidential information, and confidential information should be discarded in a way that will preserve confidentiality (e.g., in a shred box, not in a trash can or recycling bin).  Requirements are contained in the UMB Data Classification Matrix. (add link)

    Paper records containing PII or confidential information must be kept in locked files.

    Electronic records containing PII or confidential information must be stored on secure servers.

    PII or confidential data should not be stored on any mobile devices, including notebook computers, smart phones, external hard drives, USB thumb drives, etc.

    When it is necessary to remove records containing PII or confidential data from UMB, employees must safeguard the information and never leave it unattended.

    When there is a legitimate need to provide records containing PII or confidential information to a third party, electronic records must be password-protected and encrypted, and paper records must be marked confidential and securely sealed.

    Employee misuse of confidential information and/or the systems in which the information is stored is a serious breach of job responsibilities and will result in discipline up to and including termination of employment.


    • Back to Information Technology Policies

    University of Maryland Baltimore

    The University of Maryland, Baltimore is the founding campus of the University System of Maryland.

    620 W. Lexington St., Baltimore, MD
    21201 | 410-706-3100

    • The Elm
    • Calendar
    • Emergency
    • Mobile UMB
    • UMB Shuttle
    • myUMB
    • Directory
    • IT Help Desk
    • Facilities Work Request
    • Jobs
    • Middle States
    • Strategic Plan
    • Sustainability
    • Clery Report
    • UMB Hotline
    • Facebook
    • Twitter
    • Instagram
    • LinkedIn
    • YouTube
    The University of Maryland, Baltimore prohibits sex discrimination in any education program or activity that it operates. Individuals may report concerns or questions to the Title IX Coordinator. Read the UMB Notice of Non-Discrimination.
    © 2024-2025 University of Maryland, Baltimore. All rights reserved.
    • Privacy Policy
    • Web Accessibility
    • Web Feedback
    • Non-Discrimination