Policy 706 - Confidentiality

Section: Employee Relations
Policy Number: 706
Responsible Office: HR/HR Services
Effective Date: 4/1/01
Revised: 6/29/04; 7/2/19

Scope

This policy applies to all members of the University community and all contractors, vendors and affiliates acting on behalf of the University.

Policy

All members of the University community are required to maintain the confidentiality of business and nonpublic university records and data entrusted to them, except when disclosure is authorized or permitted by law. University employees may not remove confidential information from the University, or duplicate information, unless authorized by the University to do so. University data and information may only be used for business purposes.

In accordance with federal and state law and University policy, confidential records should never be disclosed without appropriate authorization, and should be maintained in a secure fashion. Violation of confidentiality can result in disciplinary action, up to and including termination of employment.

Student Education Records: FERPA Protections

Certain information and records may be governed by the Family Educational Rights and Privacy Act of 1974 (FERPA). Consult your supervisor or the Office of the Registrar before disclosing any information about current and former students to any non-University personnel. The Office of the Registrar oversees the University’s FERPA policy and has issued guidelines that are incorporated by reference into the University’s Confidentiality policy. See the Registrar’s webpage.

Protection of Private Data: GLBA

The Gramm-Leach-Bliley Act (GLBA) regulates the safeguarding and confidentiality of certain information. The University has adopted a GLBA policy and compliance program that outlines the privacy and information security provisions the University has put in place to maintain and protect covered data. The University community must adhere to the policy and GLBA compliance program provisions incorporated by reference into the University’s Confidentiality policy.

Related Policies

  • Verification of Employment Information: See Policy #121 in the HR Policy Manual for information regarding the release of employment data.
  • Personnel Records: See Policy #122 in the HR Policy Manual for information regarding access and privacy with respect to personnel records.
  • Health Insurance Portability and Accountability Act (HIPAA Complaint Procedures): See Policy #710 in the HR Policy Manual for information regarding the safeguarding of individually identifiable health information and complaint procedures for suspected violations of HIPAA privacy rights.
  • Family Educational Rights and Privacy Act (FERPA): Contact the Office of the Registrar for more information, or visit the Registrar’s web page.
  • Information Security Program (pursuant to the Gramm-Leach-Bliley Act): Contact Anne Rocco Pacione, Chief Information Officer, Newman Hall, Email: [email protected]
  • Third Party Services Policy: Contact Business Affairs or view the policy here.
  • Record Retention and Data Disposal: See Policy #925 in the HR Policy Manual for information regarding the University-wide records retention and disposal plans.
  • Records Storage and Disposition: See Policy #1029 in the HR Policy Manual for information related to the storage or disposing of records no longer needed for everyday operations or frequent reference.

St. John's University, New York
Human Resources Policy Manual