Data privacy is the protection of personal information, which is collected, processed and stored for business and academic use.
Data privacy and protection standards at Towson University require that every employee takes appropriate measures to safeguard the confidentiality, integrity, and availability of data throughout its lifecycle, from creation to destruction.
Towson University categorizes data into three types (Public, Protected, and Confidential) to provide guidance on the proper handling of that data:
Data intended for general public use. An example is the University’s online directory.
All data which are not legally restricted and which may be accessed, without restriction, by University employees in the performance of official University business. Examples include, but are not limited to business forms, SharePoint sites and class syllabi.
Confidential data is sensitive information, other than public data, that needs to be protected from unauthorized access (data as defined under FERPA, HIPAA, PCI or other federal law). Examples include, but are not limited to medical records, financial data, credit card payment data, grades, background checks for employment or business related information, and Personally Identifiable Information (PII).
PII , as defined in the Maryland Code under State Government Article, §10-1301, is an individual’s first name or first initial and last name, personal mark, or unique biometric or genetic print or image, in combination with one or more of the following data elements:
Requirements for handling and protecting all of the University's institutional data are described in the Data Use Standards (PDF).
Watch this video to learn more about handling confidential data at TU:
To learn more about how TU manages and utilizes data and to view data-related policies, visit the University's Information Technology Policies webpage, and review roles and responsibilities as applied to Data Governance.