Policies about Data
The University has a number of official policies, standards, and procedures addressing appropriate use, protection, access, etc. This is a good collection to become familiar with if you have specific questions.
There are a number of Information Security policies and standards that speak to specific ways to protect information.
Vendor Management addresses our responsibilities when we contract with third parties that will have access to our data.
Access Control Policy and Standard speak to how to make sure that people using systems with our data are properly authorized (and de-authorized) and that people who aren’t authorized don’t have access.
The Transmission of Sensitive Information Standard describes how to protect Tier 2 and 3 information when it’s sent from place to place.
Some categories of information like HIPAA-protected personal health information (PHI), FERPA-protected student information, or purchasing card information (PCI) have policies as well.
Individual schools and departments may have more specific policies and standards related to using information such as HIPAA Covered Units.
We have Information Security Liaisons in each department to help with all of this. If you still have questions about the sorts of data you have, or need, and how it may be covered by a policy, submit an University Data Assistance request at help.unc.edu.