Sensitive Information
The UNC Information Security Office has also created an updated guideline for storing and sharing sensitive information within Office 365.
- Drivers License or State ID Numbers
- Tax ID numbers (other than UNC’s) or Employer Identification Number
- Credit Card numbers, Bank Routing numbers with account numbers, or PINs
- Social Security Numbers or Passport Numbers
- Biometric data or fingerprints used for identity verification
- Digital Signatures
- Financial Acct Access Data: Data or tokens used to verify identity for Financial Account Access
- GLBA Financial Data: Information on Loan, Investment, Insurance, or other financial instruments
- HIPPA Data – Protected Health Information: Information about the past, present, or future physical or mental health or condition that is identifiable to an individual
- Educational Records – FERPA: Non-directory information about student work, attendance, or performance protected by FERPA
- Card Holder Data PCI: Financial Card Holder Data
- Non-Directory Personnel Data: Data about employment or employee performance that is not public under state open records rules
- Public Records Act Confidential: Protected state records as defined by the NC Public Records act -NC GS 132. Incl. Emergency Response plans, Security Plans, or detailed plans and drawings of public buildings and infrastructure facilities, et al.
Approved
- Office 365
- Sharepoint (within secure folders)
- OneDrive for Business
- SecNAS
- Portable Devices (laptops, thumb drives) – MUST use encrypted hard drives
Not Approved
- Shared Drives (storage.unc.edu)
- C drive, local drive, desktop
- FacDraw and FacHome
Internally
Approved
- University email (Office 365/Exchange)
- Within ConnectCarolina using ImageNow
Not approved
- Phone SMS, text, messenger, WhatsApp, etc.
Externally
To receive SI from outside party
- Fax or Phone
- Email (no guarantee of security for outside party)
To send SI to outside party
- No approved way