Members of the Lafayette College community frequently have access to sensitive information in the course of their work or studies. Everyone is responsible for ensuring the confidentiality, integrity, and security of such information.
Such information includes, but is not limited to:
This policy establishes specific requirements for handling, storing, transmitting, and protecting sensitive digital information at Lafayette College. As with other College policies, violation of the Data Stewardship Policy can result in disciplinary action up to and including termination.
This policy applies to all members of the Lafayette College community, including:
It is the obligation of everyone to protect the confidentiality of sensitive information, all of which may be released only when properly authorized. The following guidelines apply specifically to sensitive information in digital format:
Sensitive information must be stored on institutionally-provided systems with appropriate administrative and technical security controls. Using unauthorized cloud storage services (e.g., Dropbox, iCloud, personal Google accounts) is prohibited.
Sensitive information should not be stored on personal mobile devices unless absolutely necessary, and must be deleted when no longer needed.
All sensitive information should be regularly backed up, and backups should be encrypted and stored on institutionally-provided systems.
Sensitive information must be transferred only over secure, encrypted channels. If a channel is not secure (e.g., the Internet), mechanisms to secure the data must be used (e.g., unencrypted files transferred over a Virtual Private Network or encrypted files transferred over an insecure network).
Users with access to sensitive information must use strong passwords and multi-factor authentication (MFA) for their Lafayette NetID.
For questions, concerns, or to report a potential data security issue, contact security@lafayette.edu.