University Compliance and Ethics oversees the university-wide privacy program that establishes standards for the protection of data in accordance with applicable laws and regulations and monitors the university’s compliance with these requirements. The office provides guidance to the university community on these standards, university policies, and best practices. The privacy compliance program works in tandem with the Information Security Office to secure and protect personal data and deliver awareness training.
Sensitive Information Disclosure
The university receives, creates, or has custody of various categories of information. UCF Regulation 3.045 Sensitive Information Disclosure sets forth the requirements that employees and affiliates must follow when handling sensitive information at UCF. Employees are advised to refer to and abide by UCF Policy 4-008 Data Classification and Protection, which contains additional information relating to data classification and protection.
Data Classification and Protection Policy
UCF classifies the information or data in use at the university within policy Data Classification and Protection Policy (4-008). This policy outlines the technical controls required for access, use, transmission, storage, and disposal of data based on its classification. Highly restricted data, for instance, contains the most sensitive data and therefore requires the highest level of access control and security protection. Requirements for restricted data and unrestricted data are also covered by the policy. Employees are expected to be familiar with the three types of data – highly restricted data – restricted data – unrestricted data – and handle accordingly.
Privacy Notice
UCF’s Internet Privacy Notice contains information about how the university protects and treats personal and other confidential information and provides resources to assist website visitors, including students, staff, and faculty.
Privacy Compliance Activities
Privacy Compliance activities conducted by the office include, but are not limited to:
-
establishing and updating appropriate policies, procedures, and public facing privacy notices,
-
ensuring that appropriate language is included in contracts with third parties,
-
administering and reviewing data protection impact assessments,
-
responding to data subject access requests,
-
reviewing research and similar studies involving personal data,
-
providing privacy and data protection-related guidance, and
-
responding to and resolving incidents of potential non-compliance.
If you have privacy related questions or need assistance appropriately securing, transferring, processing, or storing highly restricted data, including protected health information (PHI), restricted data, personal information, or other confidential information please contact our office at privacy@ucf.edu.