What is sensitive information?
NU IT Security groups sensitive information into four categories: student information, protected health information, Social Security numbers, and personal identifying information. This includes both paper and electronic records.
Each category is subject to laws or regulations that outline how the data should be stored, transmitted, and used.
This table describes the different sets of regulations:
| Handling of this type of information | Must be in compliance with this law, regulation or policy… | Which can be read at this location… |
|---|---|---|
| Student information | Family Educational Rights and Privacy Act (FERPA) of 1974 | http://www.neu.edu/registrar/ferpa.html |
| Ex: educational records including grades, transcripts, class schedule, billing records * | | |
| Protected health information (PHI) | Health Insurance Portability and Accountability Act (HIPAA) of 1996 | http://www.neu.edu/adminm/HIPAA_Privacy_Practices.pdf |
| Ex: any health information created or received by a health care entity that includes individually identifiable information * | | |
| Social Security Number (SSN) and Personal Information | NU Policy on Collection, Handling and Use of the Social Security Number and Personal Information | http://www.northeastern.edu/infoservices/wp-content/uploads/ssnpolicy.pdf |
| Social Security Numbers * | | |
| Personal Identifying Information (PII) | Massachusetts Data Protection Laws (MA 201 CMR 17.00) | http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf |
| Ex: name with bank account information, credit card number, social security number, driver’s license number * | | |

\* Not a complete list; see the statute for the complete list, or contact IT Security for more information.

