Published using Google Docs
Information Security & Privacy Acknowledgement (ISPA) Form - 2024
Updated automatically every 5 minutes

Information Security & Privacy Acknowledgement

In my capacity as a student, employee, or other affiliation with North Carolina State University, I may have access to information requiring protection from unauthorized disclosure or loss. Depending on the data sensitivity level, whether the data concerns students, personnel, finances or otherwise, the required level of protection may vary as dictated by federal and state privacy laws and/or university requirements.

I understand I am authorized only to use or access information in the performance of my job duties and that I am permitted to share information only with those who need and have similar approval for access to that information to fulfill their responsibilities to the university. Any other sharing of information is strictly prohibited.

In addition, there are compliance obligations around confidentiality that I must follow that may include but are not limited to the Personnel Records Act (G.S. 126-22 et seq), the Family Educational Rights and Privacy Act (FERPA), Regulation 20 U.S.C. 1232g), the Privacy Act provisions governing social security numbers (31 CFR § 1.32), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the North Carolina State Identity Theft Act (N.C.G.S. 75-60), the Export Administration Regulation (EAR), the International Traffic in Arms Regulations (ITAR), the European Union General Data Protection Regulation (GDPR) and all other applicable state, federal and international laws and/or NC State’s Policies, Regulations or Rules (PRRs).

For more information on how data is classified at NC State, visit the Data Management Framework page (go.ncsu.edu/data-framework).

My Responsibilities

Report any issues.  If I become aware of an issue involving suspected or actual inappropriate access, use, disclosure or loss of university data, I will report it to my supervisor immediately. Supervisors must then report the matter to Security & Compliance (S&C) and, if involving a potential violation of criminal law, to the University Police.  See RUL 08.00.17 (Cybersecurity Incident Response Procedures) for details regarding the reporting of cybersecurity incidents.

Keep information secure. It is my responsibility to secure all university information from inappropriate access, disclosure or loss.  I must protect files containing confidential/sensitive information in order to maintain confidentiality and not leave files unattended in areas where inappropriate access is likely. In accordance with the University Record Retention and Disposition Regulation (REG 01.25.12), all university information must be appropriately and securely disposed of and/or destroyed.  

Know relevant policies.  The Data Management Regulation (REG 08.00.03) governs all aspects of university data management (collection, access, storage, and disposition) regardless of format (software, hardware, accessory, audio, printed or digital) or location (central, college, department, institute, or personally owned).  

I must read and familiarize myself with all relevant NC State PRRs, including but not limited to the following:

Acknowledgment and Agreement

I have read this document, I agree to abide by all university PRRs, and I acknowledge my understanding of my individual responsibilities to prevent loss or unauthorized access, use, or disclosure of university information. Violations of university PRRs may result in loss of access to data, disciplinary actions, or referrals for criminal prosecution.  I will consult with my supervisor for any questions regarding information security and privacy requirements.

Revised September 2024