Data Loss Protection Rules

Fordham University actively looks for and prevents our users' sensitive data from being improperly shared within the University and exposed externally to the public. Information Security and Assurance utilizes several tools to protect data from being misused or mistakenly transferred.

  • Proofpoint Email Encryption protects sensitive data from being transmitted via email. 
  • CloudLock protects sensitive data on Google Drive. 
  • Microsoft 365 Data Loss Prevention protects sensitive data used in Office 365 products such as OneDrive or SharePoint. 
  • Spirion is used to protect sensitive data that is present on desktops.

Various types of sensitive data subject to our Data Loss Protection rules are:

FIDN is a unique identifier for members of Fordham University.

Personally Identifiable Information (PII) is any information that can be used to identify an individual. The examples for PII can also be found in the other, more specific data types. Fordham University protects the confidentiality of certain personal data items associated with ANY individual, including but not limited to:

  • Social Security Number (SSN) is a 9-digit ID number provided to US citizens.
  • Individual Taxpayer Identification Number (ITIN) is a 9-digit tax processing number tied to an individual.
  • Driver's license number is the number on the state-issued license that allows you to operate a motor vehicle legally.
  • State-issued ID card number
  • Financial account number (e.g., Credit/Debit Card Numbers, Routing number)
  • Passport number
  • Emergency contacts
  • Date of Birth
  • IP Address is an Internet Protocol address, a number assigned to devices connected to a computer network, which is PII when tied to an individual. There are two types of IP addresses, called IPv4 and IPv6. IPv4 addresses appear in this format:, whereas the newer IPv6 addresses are longer and more complex, appearing as: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
  • Last name, first name, or initial with any one item listed above

Payment Card Industry (PCI) is the information related to credit cards, debit cards, and other payment card data involved in accepting payments. PCI data security standards apply to all entities that store, process, or transmit cardholder data, which include:

  • Credit card numbers– various credit card issuers with differently formatted numbers are American Express, Diner's Club, Discover Card, JCB, BrandSmart, Mastercard, and Visa.
  • Debit card numbers are similar to credit card numbers but are issued by banks.
  • Cardholder name
  • Authentication or security code is a 3- or 4-digit code, depending on the card issuer.
  • Expiration date

The US Gramm-Leach-Bliley Act (GLBA) protects personal financial information held by or on behalf of financial institutions. Information protected by GLBA includes:

  • Student financial aid information is identifiable information related to funding given to eligible students for post-secondary educational institutions.
  • Student loan information is loan information that can be tied to a user.
  • Student tuition payment history
  • Scholarship data
  • Federal work-study information
  • Bank account numbers

The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student educational records from public entities such as employers or publicly funded institutions. Information protected by FERPA includes:

  • Student transcripts contain GPA, credit hours, degree, grades, class names, etc.
  • Degree information
  • Class schedule
  • Disciplinary records
  • Athletics or department recruiting information

The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards to protect the privacy of personal health information (PHI). PHI covers individually identifiable health information related to an individual's physical or mental health, provision of healthcare, or healthcare payments. Personal health data stored in student educational records are subject to FERPA and excluded from HIPAA provisions by statute. HIPAA/PHI information includes:

  • Medical record number
  • Health status
  • Healthcare treatment
  • Healthcare payment or insurance information
  • National Drug Code (NDC) is a medication identifier that can be qualified as PHI when linked to an individual.
  • International Classification of Disease (IDC) is an illness identifier that can be qualified as PHI when linked to an individual.

 Need Help?

Walk-In Centers

McShane Center 266 | RH
Leon Lowenstein SL18 | LC

View Our Walk-In Hours