Fordham University is committed to respecting and protecting the privacy of individuals’ personal data. The University takes appropriate measures to ensure personal data is stored securely, used only for legitimate purposes, and not shared inappropriately.
What is Data Privacy? Is it the same as Security?
Security and privacy are both required to protect Fordham assets and the data privacy of its community members. Data Privacy is about protecting individuals’ privacy rights and the laws, practices, and policies guiding how information is collected, stored, used, and shared. However, data privacy cannot be maintained without appropriate security controls. Security is about the tools and processes used to safeguard systems and data from threats/cyberattacks, prevent unauthorized access or corruption of data integrity, and maintain availability.
Who is responsible for Data Privacy at Fordham?
We all share responsibility for protecting against the misuse or unauthorized disclosure of the personal information entrusted to us by our faculty, staff, students, applicants, alumni, donors, and friends. Personal information must be collected, used, shared, stored, and disposed of using established protocols and only for the proper conduct of Fordham business.
What data is considered Personal?
Personal data is information relating to an identifiable individual. Examples include name, government-issued identification number (e.g., Social Security number, state ID), contact info, images, account/transaction details, online identities (email or IP addresses), and location data.
Does Fordham have a Privacy Policy?
The University’s Privacy Policy provides guidance on the responsibilities for safeguarding data privacy. Employees should consult with their supervisor and/or the Office of Legal Counsel when uncertain about the use, disclosure, and retention of University records.
How does Fordham safeguard employee privacy?
The personal data of employees is protected by several Data Privacy Laws and Regulations (see below). Additionally, Fordham has several internal policies that include limitations on the release of employee information outside of the University and protections from unauthorized internal disclosure.
What can I do to protect my individual privacy?
- Secure your accounts – use strong and unique passwords.
- Avoid malware – malicious software can collect private information. Only download software from trusted sites and keep your software up to date.
- Learn how to spot fraudulent (phishing) emails that collect personal information and may result in financial loss or identity theft.
- Be careful online – share with care. Personal information posted to social media or via messaging services may no longer be in your control.
- Use privacy settings on online accounts to limit who can view what you share.
With which Data Privacy Laws and Regulations must Fordham abide?
- Family Educational Rights and Privacy Act (FERPA) – provides students specific rights of access, privacy, and protection of education records.
- Health Insurance Portability and Accountability Act (HIPAA) – regulates the use and disclosure of Protected Health Information (PHI), including health status, medical records, and the history of provision and payment of health care.
- Gramm-Leach-Bliley Act (GLBA) – protects consumers’ personal financial information held by financial institutions, including universities that administer loans and other financial aid.
- Payment Card Industry Data Security Standards (PCI DSS) – designed to help prevent cardholder fraud and identity theft with requirements for handling credit card information, merchant classification, and validation of merchant compliance.
New regulations have introduced more tightly managed procedures for processing personal data and documentation requirements, including but not limited to:
- GDPR – imposes strict requirements on the use of personal data of any person physically within the European Economic Area (EEA). Fordham processes the personal data of EEA data subjects when offering them goods or services, in research programs and internships, and at the London Centre.
- CCPA – the California Consumer Privacy Act grants consumers rights to their personal information collected by businesses and requires businesses to be transparent on how they use consumer personal data.
- SHIELD – NY’s Stop Hacks and Improve Electronic Data Security Act enhances New York residents’ data privacy by expanding the definition of protected data and enhancing breach notification requirements.
Are Data Privacy resources available?
- University and IT Policies to identify rules and appropriate user behaviors
- Data Handling Guidance to ensure data is stored on appropriate platforms
- Security Awareness Training to learn how to recognize privacy risks and avoid them
- Information Risk Management Board (IRMB) to review and manage technology risks, including privacy risks
- IT Security Incident Reporting via the Fordham University Integrity Hotline or through IT Customer Care
- privacy@fordham.edu to contact Information Security and Assurance on privacy-related matters
- blog.fordham.edu for information on privacy regulations and data protection efforts