Know the Code - Principle 6


Members of the University community have access to and maintain confidential information of many different types, including education records subject to FERPA, faculty and staff records, information regarding alumni and donors, and confidential or proprietary business information relating to the University. Members of the University community are expected to educate themselves about and to comply with applicable legal, contractual, or policy requirements for maintaining the confidentiality of such information.

UR community members are expected to:

Complete all trainings covering privacy and maintaining confidentiality assigned by the University.

Follow all laws, University policies, and agreements with third parties regarding access, use, protection, disclosure, retention, and disposal of public, private, and confidential information;

Respect the privacy of all information records, whether student, employee;

Follow document retention and disposal policies;

Maintain information security using appropriate electronic and physical safeguards; and

Fulfill any applicable requirements when one's relationship to University is terminated. The obligation to preserve confidential information continues even after one's employment and/or relationship with the University ends.

Examples of Prohibited Conduct

  • Disclosing protected student or patient information without verifying permission to do so.
  • Leaving sensitive information unsecured.
  • Lack of appropriate controls to ensure that financial information including credit card numbers is appropriately secured.
  • Failure to immediately report a data breach.