Faculty and staff manage protected information as part of their institutional responsibilities. This includes data pertaining to permanent, temporary, contract and student employees, whose job duties require them to access protected information or who work in a location where there is access to protected information.
Departments are responsible for maintaining a high level of awareness and sensitivity to safeguarding protected information and should periodically remind their faculty and staff of its importance. Each department is responsible for ensuring that all staff and faculty are trained in the relevant GLBA, HIPAA, FERPA, and NY SHIELD concepts and requirements. Relevant training material have been developed by the Office of Information Technology.
Training may be delivered in a variety of ways that meet the department’s objectives. Departments are responsible for maintaining records of staff that have received training and must be able to produce written copies upon request. Upon completion of the appropriate training modules provided by NYLS, designated employees will be required to complete a short quiz which demonstrates mastery of GLBA and/or other security-related topics. Departmental leads are Records of those who complete such training should be maintained in departmental files by the appropriate GLBA, HIPAA, or FERPA representative in respective units; these records will be maintained for a minimum of three years.