Highly Sensitive Information Handling Standard

Adopted: June 2009

Revised: April 2009

Minor revision: June 2009

1. Rationale and Background

The University Information Security Policy requires controls to manage risks to the confidentiality, integrity and availability of University information. This handling standard defines the controls required for highly sensitive University information in any form. These required controls represent a minimum standard for protection of highly sensitive University information. Additional controls required under applicable laws, regulations, or standards governing specific forms of data (e.g., health information, credit cardholder data) may also apply.

Each individual who creates, uses, processes, stores, transfers, administers, and/or destroys highly sensitive University information is responsible and accountable for complying with this standard.

In addition to compliance with this standard, all computers owned by the University and/or connected to a University network must comply with the Security Configuration Standards and Server Management Baseline Standard, as applicable.

2. Creation

University employees create records as part of the normal course of conducting the business of the University. These records document the decisions and activities of our complex educational and business enterprise. It is essential that they be created and maintained appropriately throughout their entire life cycle.

Highly sensitive information contained in University records constitutes an area of critical concern because of the severe risk to the University should records be mishandled or information inappropriately accessed or disclosed. As a consequence, records containing highly sensitive information should exist only in areas where there is a legitimate and justifiable business need, as authorized by the Data Steward, and maintained under strict controls as outlined in this document.

Campus departments should work to identify and track all University records through their life cycle by way of records retention schedules (prepared in collaboration with the University Archives). A first priority in this effort should be the identification of highly sensitive information. Records schedules will document the existence of these materials, the rationale behind keeping them, and help ensure their availability during the period in which they are vital as either active administrative or historical records. Record retention schedules also will work to ensure the timely disposal of non-permanent, inactive records, thereby mitigating the risk of exposure of information when it no longer serves an active administrative or historical function.

3. Access

Highly sensitive information requires strict control, very limited access and disclosure, and may be subject to legal restrictions. In some cases, information is highly sensitive because of its aggregation into a single document, regardless of whether it contains highly sensitive data elements. The Chairperson of the Information Governance Committee will determine governance for new information types that do not belong specifically to a single committee member.

Only University employees who have authorization from the relevant Information Governance Committee members, and have a signed confidentiality agreement on file, may have access to highly sensitive information. Any other disclosure of highly sensitive information requires the written approval of the appropriate Officer of the University, in consultation with the Office of General Counsel as necessary.

4. Use, Transmission and Storage

The following controls are required when using, transmitting or storing highly sensitive information.

  • Do not discuss or display it in an environment where it may be viewed or overheard by unauthorized individuals.
  • Do not leave keys or access badges for rooms or file cabinets containing such information in areas accessible to unauthorized personnel.
  • When printing, photocopying or faxing it, ensure that only authorized personnel will be able to see the output.
  • Store paper documents in a locked drawer and in a locked room, or in another secure location approved by the Data Steward.
  • Properly identify such information as highly sensitive to all recipients, by labeling it "Highly Sensitive," providing training to personnel, explicitly mentioning the classification, or similar means.
  • Encrypt electronic information using an encryption algorithm approved by the Office of Information Technologies when placing it on removable media, placing it on a mobile computer (e.g., laptops, PDAs, smart phones), or sending it via e-mail to non-nd.edu addresses.
  • Do not send this information via instant message or unsecured file transfer unless it is encrypted.
  • Follow an established and documented software development lifecycle when building applications that process highly sensitive information.

5. Transport

The following controls are required when transporting highly sensitive information:

When sending paper copies of highly sensitive information to off-campus locations via United States Postal Service, UPS or FedEx, information must remain secure. Consult with the appropriate Data Steward for specific handling restrictions.

When sending highly sensitive information by campus mail in non-electronic form, the sender should consult with the appropriate Data Steward for proper handling procedures. Such handling procedures might include using a security envelope with sealed flap inside a second envelope, stamping "Confidential" on the inner and/or outer envelope seal, or signing the envelope seal.

When carrying highly sensitive information, or devices containing such information, ensure that it is physically secure at all times.

Do not remove highly sensitive information from an approved secure location without prior approval of the Data Steward.

6. Destruction

University records should be destroyed only in accordance with the Archives and Records Management Policy.

  • Destroy electronic instances of University information using an OIT-approved method described for computers here, and for external devices here. Reformatting a hard drive is not sufficient to securely remove all data.
  • Crosscut shred or pulp all highly sensitive information in paper form. This includes all transitory work products (e.g., unused copies, drafts, notes).

7. Definitions

7.1  Data Handling


Using, storing, processing, transferring, administering, aggregating, sharing, and/or maintaining University information.

7.2  Data Steward


An individual who is responsible for ensuring the confidentiality, integrity, and availability of University information. A Data Steward defines access to and restrictions on use of the information for which he or she is responsible.

7.3  Encrypt(ion)


The process of encoding data so that it can only be read using the appropriate key.

7.4  Information Security


The protection of the confidentiality, integrity, and availability of University information.

7.5  Security Classifications


Categories of University information based upon intended use and expected impact if disclosed.

  • Public: Information intended for public use that, when used as intended, would have no adverse effect on the operations, assets, or reputation of the University, or the University's obligations concerning information privacy.
  • Internal: Information not intended for parties outside the University that, if disclosed, would have minimal or no adverse effect on the operations, assets, or reputation of the University, or the University's obligations concerning information privacy.
  • Sensitive: Information intended for limited use within the University that, if disclosed, could be expected to have a serious adverse effect on the operations, assets, or reputation of the University, or the University's obligations concerning information privacy.
  • Highly Sensitive: Information intended for very limited use within the University that, if disclosed, could be expected to have a severe adverse effect on the operations, assets, or reputation of the University, or the University's obligations concerning information privacy.

7.6  Software Development Life Cycle


A set of formal methods used to develop applications to help ensure that they meet expectations for quality, cost, and function.

7.7  University Information


All information that the University of Notre Dame or its agents use in the course of conducting University business, except those materials specifically excluded from University ownership as set forth in the University's Intellectual Property Policy.

7.8  University Records


Recorded information, in any form, created or received in the course of conducting University business and kept as evidence of such activity, excluding transitory work products.

8. Reference Documents

8.1  Notre Dame Documents

Records Management and Archives Policy

Information Technology Incident Response Policy

Information Security Policy

Highly Sensitive Data Elements

Strong Password Standard

Responsible Use of Information Technology Resources

Security Configuration Standards

Server Management Baseline Standard

8.2  Other (External) Documents

Code of Practice for Information Security Management (ISO/IEC 27002:2005)

Family Educational Rights and Privacy Act (FERPA)

Gramm-Leach-Bliley Act (GLBA)

Health Insurance Portability and Accountability Act (HIPAA)

Indiana Disposal of Personal Information (Indiana Code 24-4-14)

Indiana Notice of Security Breach (Indiana Code 4-1-11)

Indiana Release of Social Security Number (Indiana Code 4-1-10)

Payment Card Industry Data Security Standard (PCI DSS)

9. Contacts

For clarification of this standard, contact the appropriate Information Governance Committee member.