Wellesley College is committed to protecting the security and privacy of information.
College employees routinely have access to sensitive college data (electronic and physical), some of which is protected by Federal, state, or local laws and regulations. As such, the College maintains a number of policies that outline expectations regarding the protection of this information.
- Personal Information (PI)* - SSNs, financial information, etc. (see section below)
- Health Information (see information on HIPAA )
- Student Records (see information on FERPA )
- Employee Confidentiality Policy
Requirements for Protecting Personal Information
In compliance with Massachusetts regulations ( 201 CMR 17.00 ), College policy establishes additional requirements for safeguarding Personal Information (PI). For more detailed information about these requirements, see the College’s Written Information Security Program.
To safeguard PI or other confidential data, here are some general rules that must be followed:
- Never store PI or confidential data on any mobile devices, including notebook computers, smart phones, external hard drives, USB thumb drives, CDS, etc.
- Paper records containing PI or confidential information must be kept in locked files.
- Electronic records containing PI or confidential information must be stored on secure servers, and, when stored on authorized desktop computers, must be password protected. To request access for storage on the College's secure servers click here.
- When it is necessary to remove records containing PI or confidential data off campus, employees must safeguard the information and never leave them unattended.
- When there is a legitimate need to provide records containing PI or confidential information to a third party, electronic records are password-protected and encrypted, and paper records are marked confidential and securely sealed.
* Personal Information (PI) is defined by Massachusetts General Law 93H as any data that contains an individual’s first name and last name (or first initial and last name) in combination with any of the following data elements that relate to the individual:
(a) Social security number;
(b) Driver's license number or government-issued identification card number; or
(c) Financial account number, or credit or debit card number that would permit access to a resident's financial account.