ButlerUniversityPolicy&Procedure

Policy:EmployeeCodeofResponsibilityforSecurityandConfidentialityofInformation
Dept.Responsible:HumanResources
EffectiveDate:March1,2010     RevisedDate:June1,2009

Overview
ButlerUniversity,bothasaneducationalinstitutionofhigherlearningandanemployer,requiresthe
strictconfidentialityandsecurityoftheinstitution’srecords,incompliancewiththeFamilyEducational
RightsandPrivacyActof1974(FERPA),theHealthInsurancePortabilityandAccountabilityAct(HIPAA),
Indianacodeandotherfederal,stateandlocallawsasapplicablethataffectthedisseminationanduse
ofconfidentialorprotectedinformationandrecords.Administrators,faculty,staffandstudentworkers
(Employees)whohaveaccesstosuchinformationand/orrecordsshallsafeguardtheprivacyand
confidentialityofsuchinformationand/orrecordsandshallnotdiscloseordisseminatesuch
informationand/orrecords(inwhateverformmaintained)toanyunauthorizedpersonorentity.

Scope
Thispolicyappliestofaculty,staffandallothersperformingtasksonbehalfofButlerUniversity,
includingbutnotlimitedtocontractors,affiliates,guestinstructors,studentworkers,andthirdparty
providers,asitisthroughthediligenteffortsofeveryonethatinformationisprotected.

PolicyStatement
1) Withoutlimitingthegeneralityoftheforegoing,activitieswhichareprohibitedinallcasesinclude,
butarenotlimitedto:
A. Engaginginanyunauthorizedorinappropriateuseofinformationand/orrecords,or
permittingsuchunauthorizedorinappropriateuse;
B. Obtainingorattemptingtoobtainpersonalbenefitorpermittingotherstoobtainor
attempttoobtainpersonalbenefitbytheuseordisclosureofanyconfidentialinformation
and/orrecordsthatanEmployeeaccessesinthecourseofhis/herworkassignmentor
otherwise;
C. Exhibitingordivulgingcontentsofanyrecordorreporttoanypersonorentity,exceptinthe
conductoftheEmployee'sworkassignmentand/orresponsibilitiesinaccordancewith
ButlerUniversitypolicies;
D. Knowinglyincludingorcausingtobeincludedinanyrecordorreportafalse,inaccurate,or
misleadingentry;
E. Removinganyofficialrecordorreport(orcopythereof)fromtheofficewhereitiskept,
exceptintheperformanceoftheEmployee’sworkassignmentand/orresponsibilitiesin
accordancewithButlerUniversitypolicies;and


EmployeeCodeofResponsibilityforSecurityandConfidentialityofInformation Page1




F. Aiding,abetting,oractinginconspiracywithanyotherpersontoviolateorcompromisethe
confidentiality of protected information or records, or to violate this Employee Code of
Responsibility.
2)ComplianceEmployeesareexpectedtoimmediatelyreportanythreatenedoractualviolationof
thisEmployeeCodeofResponsibilitytotheirimmediatesupervisorortheHumanResources
Department.

3)BreachAnyviolationofthisEmployeeCodeofResponsibilitywillsubjecttheoffendingEmployee
todisciplinaryactionconsistentwiththepoliciesofButlerUniversity,whichmayincludetermination
ofemploymentandpossiblelegalaction.WheretheEmployeeisastudent,disciplinaryactionmay
alsoincludesuspensionorexpulsionfromtheUniversity,orsuchotheracademicorothersanctions
astheUniversitydeemsappropriate.


Administration
OperationalresponsibilityofthispolicyisdelegatedtotheExecutiveDirectorofHumanResources.
Periodicallyorasrequired,thispolicywillbereviewedbytheSr.AdministrativeGrouptoensurethe
policyisuptodateandapplicableinthecurrentenvironment.PeriodicreportswillbemadetotheSr.
AdministrativeGroupintheeventofmaterialbreaches.


RelatedPolicies
A. ComputerUseMasterPolicy
B. Fair,ResponsibleandAcceptableComputerUsePolicy
C. PrivacyofPersonallyCreatedContent
D. IdentityTheftInformation–Storage,Disposal,Breach&RedFlags
E. FederalHIPAA(HealthInsurancePortabilityandAccountabilityAct)
F. FederalFERPA(FamilyEducationalRightsandPrivacyAct)seeStudentHandbook


RevisionHistory
ƒ ApprovedbytheBoardofTrustees,February26,2010
ƒ BecameformalcampuswidepolicyMarch1,2010;previouslyHumanResourcesand
RegistrationandRecordsformsignedpriortograntingPeopleSoftaccessand/oratnewhire
ƒ ApprovedbySr.AdministrativeGroup:January19,2010
ƒ StatementrevisedJune2009
ƒ OriginallycreatedApril2001

EmployeeCodeofResponsibilityforSecurityandConfidentialityofInformation Page2