Confidential Data


Confidential data is business sensitive and personally identifiable information not intended for disclosure outside the organization. Encryption ensures UD confidential data is protected against unauthorized access.


Confidential data refers to business sensitive, personally identifiable information (PII) or otherwise regulated data not intended for disclosure outside the organization.  

The University of Dayton is required to comply with regulations such as:

The University of Dayton policy on Electronic Use of Confidential Data details the types of data used by the University. The charts can be used to assist with identifying and securing sensitive information within the University. Those who require access to confidential data are required to abide by UD's Confidentiality Agreement and submit a Confidentiality Agreement Form

This article covers the following topics:

Laptop Encryption

Understand Data Protection Requirements

Locate Personally Identifiable Information (PII)

Report IT Security Incidents

Laptop Encryption

The loss or theft of laptops and mobile devices presents a great risk to personally identifiable information (PII) and intellectual property potentially stored on these devices. The Board of Trustees and President's Council has directed that all University laptops incorporate a standard, full disk encryption solution with initial and annual costs borne by the unit purchasing the laptop.

Please contact your unit's IT staff or the UDit Risk Management Office (, 937-229-4387) if you have questions or an immediate need for encryption on your device.

Understand Data Protection Requirements

Faculty and staff at UD use a wide variety of electronic information to facilitate University business. While much of this information is public, misuse of restricted or sensitive data could substantially damage UD’s reputation or put our institution at legal and financial risk. 

  • Regulated or Personally Identifying Information (PII): Information to which access must be restricted due to contractual or legal/regulatory considerations. Examples: student academic record (FERPA), social security numbers, credit card data (PCI), personal health information (HIPAA)

  • Business Sensitive: Information of value to UD or which, if lost, might adversely impact our environment. Examples: Proprietary research, pay scales and donor data

  • Public: Information with no existing local, national or international legal restrictions on access. Public information may or must be open to the general public. Examples: course catalog, directory information

See UD's Electronic Use of Confidential Data Policy for more information about classifying the types of data you use.

Locate Personally Identifiable Information (PII)

Tools that assist in finding personally identifiable information on your computing devices include:

Report IT Security Incidents

An IT Security Incident is any adverse event which compromises some aspect of computer or network security.

Security incidents that must be reported include:

  • Compromise of user credentials (when there is reason to believe this has led to unauthorized access or loss of confidential data)

  • Lost or stolen laptop

  • Lost or stolen removable media containing sensitive UD information (CD, DVD, USB flash drive, external hard drive, smart cards)

  • Malware or virus-infected computer (when there is reason to believe this has led to unauthorized access or loss of confidential data)

All incidents should be taken seriously and reported according to UD's policy on IT Incident Handling.  When in doubt, report it! 



Article ID: 44361
Tue 12/12/17 2:47 PM
Mon 7/1/24 4:34 PM