RIT
Information Security

Legal Responsibilities and Information Handling at RIT

New York State and the federal government have issued information handling requirements for organizations such as RIT.

What do I need to do?

Faculty and staff at RIT are responsible for protecting RIT Confidential information through creation, transfer, storage, and disposal. All RIT employees must understand the importance of secure information handling practices as they relate to state and federal law.

New York State has issued two laws regarding handling and disposal of information about individuals that can be used to conduct identity theft. Make sure you understand the following two laws and how they might impact you and the information you handle.

What is RIT Confidential information?

RIT Confidential information refers to information that is accessed or communicated on a need to know basis that, because of legal, contractual, ethical, or other constraints, may not be accessed without specific authorization.

How should I handle RIT Confidential information?

Specific procedures for handling RIT Confidential information are defined in your department’s Information Access & Protection Plan. Contact your manager for more information about your department’s IAP Plan.

You can also take our Digital Self Defense 103: Information Handling workshop to learn more about handling RIT Confidential information.

What about University Identification Numbers (UIDs)?

The UID number in combination with identity information would be considered "personal identifying information" and would require disposal as outlined by the law. As a result, faculty may not post student grades with UIDs.