Records Security, Privacy, and Confidentiality

By default, campus records are considered confidential and/or highly confidential, and should be protected from unauthorized access.

Highly Confidential information at BYU can take many forms. Some examples include

• Records containing Personally Identifiable Information (PII) or Personal Health Information (PHI).
• Student education records protected by FERPA.
• Utah's Protection of Personal Information Act
• HIPAA
• And other examples that can be found on the University Archives Policy

Protecting the individual privacy of our students, employees and visitors is essential. Records and information containing personal information should be protected and should not be shared without appropriate agreements in place. See privacy.byu.edu

Protecting Physical (Paper) Records

• Highly confidential records should be stored in locked cabinets or rooms.
• Protect records by not leaving them in an open area when unattended by authorized personnel.

Protecting Electronic Records

• Access to confidential records should be encrypted and should require the use of BYU Net ID credentials.
  
  • Box is currently the recommended repository for electronic records.
• Portable storage devices containing highly confidential information should be kept in a locked cabinet or room, and should be encrypted.
• Per the BYU Information Security office guidelines, all electronic systems must meet the Minimum Security Controls.

Destroying Confidential and Highly Confidential Records

• Please see Record Destruction for more information.