RESPONSIBLE USE / CONFIDENTIALITY AGREEMENT COMPLIANCE FORM
Personnel, student, financial, medical, patient and other sensitive information1 contained within Binghamton University or Binghamton University's Information Systems and/or external SUNY and State Systems are considered confidential. Access to this confidential information and any other information made confidential by law and Binghamton University policy is limited to those individuals whose position requires use of this information. By signing the statement below, you are acknowledging your acceptance and adherence to the confidentiality requirements imposed by federal and state law and Binghamton University policy.
By virtue of my position at Binghamton University or my position as/through an external party providing services to Binghamton University, I may have access to information which is confidential and is not to be disclosed to any person or entity without appropriate authorization, subpoena, or court order. In order to access confidential information, I agree to adhere to the following itemized guidelines listed below: If I have questions or need guidance, I will consult with my supervisor to determine appropriate action.
- I understand and acknowledge that improper or inappropriate use of data in the University's
Information Systems is a violation of University procedures and may also constitute
a violation of federal and state laws.
- I will only use confidential information in a manner consistent with my authorized
access, and the duties and responsibilities of my position.
- I will not provide or release confidential information to any individual or entity
without proper authorization.
- I will not access or review records or files for which I do not have a legitimate
need to know in order to perform my duties.
- I will not make copies of any records or data except as required in performance of
- I will destroy any confidential information for which I no longer have an official
business use in a manner appropriate to the medium and consistent with the applicable
New York State, Federal, and University Record Retention policies.
- I will not share any User ID and Password used to access Binghamton University resources
with anyone, unless I have specific authorization to do so from my supervisor, or
there is a need for an authorized technician to troubleshoot a system problem with
my password. In this latter case, I will change my password when the technician's
task is complete.
- I will not use the data for personal use or for commercial purposes.
- I will refer all requests for information for which there is not an established office
procedure to the Office of University Counsel.
- I will refer external requests for University statistical, academic, or administrative
data to the Office of Institutional Research and Assessment, University Counsel, Human
Resources, Financial Services or those departments that have been authorized to respond
to such requests.
- I agree to report any unauthorized access to confidential data immediately to my supervisor.
- I understand that violations of this agreement may result in the revocation of my
access privileges to University information systems, may result in appropriate administrative
action, including, but not limited to, disciplinary action, and may also subject me
to prosecution by state or federal authorities.
- I understand and agree that my obligation to maintain confidentiality will continue even after I leave the employment of Binghamton University.
1 The disclosure of information from student records is governed by the Federal Family
Educational Rights and Privacy Act (FERPA) [20 U.S.C. § 1232g]. Health information
is governed by and protected by state and federal statutes including the Health Insurance
Portability and Accountability Act of 1996 (HIPAA) and Public Health Law §18. Financial
information is protected by the Gramm-Leach-Bliley Act (GLBA). Social Security Number
disclosure is governed by the Federal Privacy Act of 1974 and NY State law, which
tracks the Federal Privacy Act and limits the collection and use of social security
numbers by colleges/universities.
Payment Card Industry (PCI) Data Security Standard, applicable to cardholder information, is defined by the Payment Card Industry Security Standards Council.
I certify that I have read this "Access and Compliance Form" pertaining to access to and use of information contained in employee, applicant, student or donor records, that I understand and agree to comply with the above terms and conditions.
Agreement to Protect Confidential Information Form (.pdf, 56.6kb)