Non-Public University Information Security Awareness

This is a reminder from York College in compliance with the Chancellor's office and the University CIO regarding any system, reports and business processes that contain and/or use non-public University information.

Dear Faculty, Students and Staff

It is essential for all York College employees to maintain the integrity, accuracy and privacy of all personal information of our students, faculty and staff. It is important for you to know that, legally, the theft and/or loss of data are the responsibility both of the college and of the individual responsible for the security breach.

In order to safeguard this type of information, the University's interests and its stakeholders, and to mitigate potential impacts that threaten non-public University data, you are required to identify and comply with the procedures that have been put in place for this purpose.

If you are not aware of the procedures or need to view specifics on what actions are needed please visit the CUNY security site at . Review the Security Awareness link as well as Security Policies & Procedures.

The term "Non-Public University Information" is defined in the University IT Security Procedures, section I.2 ( under Security Policies & Procedures), in part as follows:

A. Social Security Number;
B. driver's license number or non-driver identification card number;
C. account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account;
D. personal electronic mail address;
E. Internet identification name (i.e., user ID) or password;
F. parent's surname prior to marriage; and
G. student education records protected under the Family Educational Rights and Privacy Act of 1974.

Non-Public University Information must not be stored, transported, or taken home on portable devices (e.g., laptops, flash drives) of any type without specific approval of both the Vice President of Administration or the equivalent at the College or in the Central Office department and the University Information Security Officer. Where approval is granted, additional password protection and encryption of data are required. In addition, the Non-Public University Information stored on non-portable devices or transmitted between devices (e.g., servers, workstations) must be encrypted. The University has made encryption tools available to staff and faculty to comply with the requirements of this procedure.

Confidential Research Information

Principal investigators and others who use CUNY computer resources to store or transmit research information that is required by law or regulation to be held confidential or for which a promise of confidentiality has been given, are responsible for taking steps to protect confidential research information from unauthorized access or modification. In general, this means storing the information on a computer that provides strong access controls (passwords) and encrypting files, documents, and messages for protection against inadvertent or unauthorized disclosure while in storage or in transit over data networks.

If you are aware of non-public University data that is not protected as described above, please contact Information Technology immediately. In the meantime, the best way to protect yourself and York College is to become aware of the University's procedures and policies by visiting the web site on security.

To report this or any other security issue, please contact our Service Desk at 5311 or create a ticket in YConnect, our Self Service Portal, by typing the word YConnect in any Explorer browser or by going from the York web site login to "Service Desk".

Thank you.

Greg Vega

York College Information Technology Director