Section Content

Information Security for Faculty & Staff

Faculty and staff at the University of Hawai‘i access the sensitive information of the University on a daily basis while each fulfilling individual duties and responsibilities.

Due to the openness of the environment and culture, coupled with fast research networks, universities are constantly probed and under cyber attack from various vectors. The "bad actors" are constantly looking for weaknesses in our computers and network, trying to infiltrate to steal information or misuse our technologies.

Each one of us is responsible for safeguarding the information that we are entrusted with.

We must all be aware of the cyber risks and understand that higher education institutions are constantly under cyber attack. It is our responsibility to implement sufficient security controls to protect the data under our care in accordance to appropriate security policies and regulations.

General Data Protection Guidelines

UH Executive Policy E2.214: "Security and Protection of Sensitive Information" classifies data into two (2) categories: "Public" and "Sensitive". Sensitive data is anything that is subject to privacy considerations or has been classified as confidential and is subject to protection from public access or inappropriate disclosure.

Examples of sensitive information include (but are not limited to):

  • social security numbers (protected by HRS 487J, 487N, 487R)
  • student records (protected by FERPA)
  • health information records (protected by HIPAA)
  • personal financial information (credit card numbers, bank account information, etc.)
  • personnel information (protected by HRS 92F)
  • other information protected by federal, state, local regulations

Both the data itself and the computer used to access/manipulate the data need to be protected. Information on protecting sensitive information can be found in AskUs 1266. Information on securing your computer can be found in AskUs 593.

Special security precautions must be taken when using a mobile device (laptops, smartphones, tablets, etc.) Best practices for using these types of devices are found in:

Faculty members collecting research data (especially if using human subjects) or using institutional information have additional considerations and should be familiar with the University of Hawaii Institutional Review Board and should also read Information Security for Research.

For easy reference, a list of applicable UH policies, state regulations and federal regulations is provided below.

University of Hawai‘i Policies

Hawai‘i Revised Statutes

Federal Regulations