University of Maryland Baltimore

General Policy

The University of Maryland Baltimore (UMB) recognizes and respects the need for privacy of sensitive information. Maintaining the security of sensitive information is one of the University's most important responsibilities. UMB's IT administrators or their authorized representatives are held accountable for adhering to strict standards to prevent the misuse of sensitive information. Sensitive information is safeguarded in the following ways:

  1. Employee access to sensitive information is restricted to individuals on a "need to know" basis for the sole purpose of conducting the business of the University.
  2. UMB emphasizes the importance of confidentiality and privacy through a combination of training, operating procedures, and systematically enforced information technology security.
  3. UMB strictly adheres to FERPA, HIPAA, GLB, Maryland Law, and other relevant federal and state laws to protect the security of sensitive information.
  4. UMB continually tests and updates our information technology resources to improve the protection of sensitive information residing on University servers.

At times, UMB is legally required to disclose sensitive information, e.g., in response to a valid subpoena or to comply with a legally permitted inquiry by a governmental agency or regulatory body. UMB may exchange some sensitive information with other entities in order to carry out normal University business transactions. Legal requirements concerning use and disclosure of sensitive information will be applied to information maintained with IT Resources to the same extent that the requirements are applied to records in other forms.