2025-2026 Student Handbook 
    
    Aug 21, 2025  
HELP
2025-2026 Student Handbook

Student Employee Confidentiality Policy

Updated: July 2025

Policy 

Students may be employed by the University under a variety of circumstances-administrative assistants, teaching assistants, tutors, research assistants, resident assistants, coaches, work study positions, and others - and may serve on numerous committees that expose students to confidential or sensitive information.  Student employment and participation on committees and other governance entities benefits both the student and the University.  From an organizational perspective, the University's reputation and effectiveness depend on the ability and intention of all employees to manage our data and records with care and discretion. 

Managing the affairs of a university requires a wealth of information, which must be free to flow efficiently among those who need it to fulfill their responsibilities.  However, students - like the employees beside whom they work - are accountable for safeguarding the privacy of the University's employees, students, and external constituents.  Regardless of its form (electronic, oral, written), information must be handled according to standards that are legal, ethical, and responsible. 

For example, University employees are subject to provisions of these federal laws: 

  • Family Educational Rights & Privacy Act (FERPA) 
  • Health Insurance Portability & Accountability Act (HIPAA) 
  • Gramm-Leach-Bliley Act (GLBA) 
  • Fair Credit Reporting Act (FCRA) 

There are additional regulations at the state level, as well as rules that govern educational institutions, financial aid administrators, student athletics administrators, personnel administrators, and so on.  Violations of these provisions by student employees endanger both the student and the University.  More fundamentally, using information for unintended purposes, or publicizing information carelessly or maliciously, is simply wrong; such acts violate the trust we place in our employees to conduct themselves professionally and responsibly. 

This document is intended to provide basic guidance to student employees and their supervisors in accessing and handling sensitive information.  More detailed guidelines that apply to specific offices are available from office supervisors.  Student employees must read and understand this document and sign the form on the last page before a Work Authorization Card is issued.  The form will be filed in the Student Employment Office. 

General Guidelines  

Safeguarding Confidential Information 

These general guidelines apply to the release of data and personally identifying information, regardless of its form: 

  • Data regarding students, employees, finances, and operations should not be provided to non-University employees without your supervisor's permission.  Some data are routinely provided to non-University constituents-your supervisor will instruct you on the proper handling of such information. 
  • Data regarding students or employees should not be provided to the students or employees themselves, without authorization from one's supervisor.  Some information is provided routinely-your supervisor will instruct you on the proper handling of such information. 
  • Information regarding a student can be revealed to specific individuals within the University (including other students) only on a strict "need-to-know basis" and should not be provided to the student's parents or guardians or to any other individual outside the University without the student's signed "Student Release - University Records and Information Form."  Your supervisor will instruct you on how to safeguard the privacy of student information as governed by university and government policy. 
  • Information available to student employees or committee members through their University positions may not be used for personal gain, to provide 'favors' for friends or others, or for any other unintended use. 
  • Types of Information That May Be Sensitive or Confidential 

The following is a non-exhaustive list of types of information that may be governed by statute or by University policy, or that could be sensitive if mishandled: 

  • Any records from the University's computer programs concerning students, faculty, and staff 
  • Student and employee disciplinary records 
  • Financial Aid records 
  • Employment records and other data maintained by Human Resources or Payroll 
  • Student and employee health records 
  • Telephone messages 
  • Home or cell telephone numbers 
  • Employee or student addresses 
  • Social Security numbers or other personally identifying data 
  • Student visa status or other immigration information 
  • Employee electronic calendars or contact information 
  • Email addresses 
  • Minutes or other records of confidential bodies (e.g., grievance or disciplinary committees of which students are members) 
  • Private conversations conducted in one's office area 

Use of University Computers and Data Systems 

  • Unattended Machines - Desktop computers left unattended for more than a few minutes should be locked down, so that a password log-in is required for their continued use.  Computers should be locked down or turned off at the end of the day. 
  • Secure Access - Password access to computers or campus systems should be provided to students with great discretion, and on a "need-to-know" basis. 
  • Setting Passwords - Passwords used to access University computers or systems should be set by office supervisors and should not be changed by others.  Any required changes in passwords must be approved by the supervisor. 
  • Remote Access - Access to the University's systems and computers from remote locations (home, classrooms, dorms, etc.) by student employees should not occur, except with explicit instruction by supervisors.  Such access will be exceedingly rare and will be in response to extraordinary need. 
  • Personal Use of University Machines - University computers and technology provided to student employees to perform their jobs should not be used for personal use.  Installation of non-University applications and hardware is strictly forbidden. 

Handling Files and Records 

  • Removal of Files - Student employees should not remove paper files, printouts, compact discs, DVDs, flash drives, or other records from the office where they are used without explicit instruction from the supervisor. 
  • Offloading files - Files should not be downloaded to the student's laptop, PDA, or other mobile device without instruction to do so.  All files transported off of University systems should be password protected and/or properly encrypted. 

Access to University Offices 

  • Access "After Hours" - Student employees are not to enter University offices during hours the offices are not open, unless specifically instructed to do so by their supervisor.  Campus Police must be notified in writing if students will have access to offices without supervision. 
  • Access by Non-Employees - Students who are not employed in a given office are not permitted in secure areas of that office without permission by the office supervisor.  Students not employed in the office should not be permitted by computer or other file locations where sensitive information may be seen. 

General Procedures Supporting This Policy 

What is Proper Procedure for Handling Information? 

  • Seeking Guidance on Proper Procedure - Each office will have information relevant to its duties on the proper handling of sensitive data and other information.  Further guidance is available on our website regarding our computer systems.  The rule of thumb in all cases, however, is simple-if you are in doubt, ask your supervisor for guidance. 

Reporting Violations 

  • Reports by Students - It is important that violations of this information management policy are addressed.  If you witness others acting in a way that is contrary to this policy, you are to report your suspicion to your supervisor.  If the suspected violation occurs in an office other than your own, you may report your suspicion to the supervisor of that office. 
  • Failing to Report Witnessed Violations - Failure to report violations you have witnessed may be interpreted as a willful violation of the policy of your own.  Student employees may not aid another student employee in policy violation. 
  • Supervisor's Obligation to Report Violations - Supervisors must report to the Dean of Students the nature of violations of this policy and the disciplinary action taken by the supervisor.  The Dean of Students will counsel the supervisor on appropriate further action, if any. 

Discipline 

  • Sanctions - Violations of published information management policies may result in verbal reprimand and corrective counseling, written reprimand, or suspension/termination from University employment, at the discretion of the supervisor.  The supervisor may take guidance from applicable statutes or other rules governing the information in question, as well as managerial judgment.  Consultation with the Dean of Students is strongly encouraged (see B.3. above).  In those cases, wherein student conduct actions are anticipated, the student typically will be suspended from their University positions pending the outcome of the case in the student conduct system. 
  • Records ­- Violations are entered on the student's conduct record and are subject to conduct procedures managed by the Dean of Students.  Violations may also be subject to civil penalties as dictated by relevant statute.  Prior violations are also recorded in the student's file maintained by the Student Employment Office and will be considered in the process of application to work in other University offices. 

Catalog Navigation
  Catalog Home
  Welcome
  Academic Misconduct Policy & Procedures
  Academic Policies and Regulations
  Residence Halls Policies and Procedures
  Student Code of Conduct
  University Policies
  University Commitment to a Drug-Free Environment Statement
  Academic Affairs
  Student Affairs
  Academic Support
  Academic Service Learning
  Banking Services
  Campus Bookstore
  Information Technology
  Intercollegiate Athletics & Campus Recreation
  Library
  Military and Veteran Affairs
  One Stop Student Financial and Registrar Services Office
  ROTC
  Student Employment Office
  Student ID Card/Campus Card
  Study Abroad and Study Away
  University of New Haven Dental Center
  University of New Haven Police Department