Data Loss Protection Rules
Fordham University actively looks for and prevents protected and sensitive data of our users from being improperly shared within the University and exposed externally to the public. The Information Security Office utilizes several tools to protect data from being misused or mistakenly shared.
Proofpoint Email Encryption protects sensitive data from being transmitted via email.
CloudLock protects sensitive data on Google Drive.
Microsoft 365 Data Loss Prevention protects sensitive data used in Office 365 products such as Word, OneDrive, SharePoint, or Outlook.
Spirion is used to protect sensitive data that is present on desktops.
The types of protected and sensitive data subject to our Data Loss Protection rules are:
FIDN is a unique identifier for members of Fordham University.
Personally Identifiable Information (PII) is any information that can be used to identify an individual. Examples of PII also appear in the other, more specific data types. Fordham University protects the confidentiality of certain personal data items associated with ANY individual, including but not limited to:
- Social Security Number (SSN) is a 9-digit ID number provided to US citizens.
- Individual Taxpayer Identification Number (ITIN) is a 9-digit tax processing number tied to an individual.
- Driver's license number is the number on the state-issued license that allows you to operate a motor vehicle legally.
- State-issued ID card number
- Financial account number (e.g., Credit/Debit Card Numbers, Routing number)
- Passport number
- Emergency contacts
- Date of Birth
- IP Address (Internet Protocol address) is a number assigned to devices connected to a computer network, which is PII when tied to an individual. There are two types of IP addresses, called IPv4 and IPv6. IPv4 addresses appear in this format: 255.255.255.255, whereas the newer IPv6 addresses are longer and more complex, appearing as: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
- Last name, first name, or initial with any one item listed above
Payment Card Industry (PCI) data is the information related to credit card, debit card, and other payment card data involved in accepting payment. PCI data security standards apply to all entities that store, process, or transmit cardholder data, which includes:
- Credit card numbers: number formats differ by issuer, including American Express, Diner’s Club, Discover Card, JCB, BrandSmart, Mastercard, and Visa.
- Debit card numbers are similar to credit card numbers but are issued by banks.
- Cardholder name
- Authentication or security code is a 3- or 4-digit code depending on the card issuer.
- Expiration date
The US Gramm-Leach-Bliley Act (GLBA) protects personal financial information held by or on behalf of financial institutions. Information protected by GLBA includes:
- Student financial aid information is identifiable information related to funding given to eligible students for post-secondary educational institutions.
- Student loan information is loan information that can be tied to a user.
- Student tuition payment history
- Scholarship data
- Federal work-study information
- Bank account numbers
The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student educational records from public entities such as employers or publicly funded institutions. Information protected by FERPA includes:
- Student transcripts are records that contain GPA, credit hours, degree, grades, class names, etc.
- Degree information
- Class schedule
- Disciplinary records
- Athletics or department recruiting information
The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards to protect personal health information (PHI) privacy. PHI covers individually identifiable health information related to an individual’s physical or mental health, provision of healthcare, or healthcare payments. Personal health data stored in student educational records are subject to FERPA and excluded from HIPAA provisions by statute. HIPAA/PHI information includes:
- Medical record number
- Health status
- Healthcare treatment
- Healthcare payment or insurance information
- National Drug Code (NDC) is a medication identifier that can be qualified as PHI when linked to an individual.
- International Classification of Diseases (ICD) is an illness identifier that can be qualified as PHI when linked to an individual.