NSHE Policy Regarding Data Security

Print this Page

BOARD OF REGENTS HANDBOOK

Title 4, Chapter 1, Section 22.7

It is the policy of the Board of Regents that sensitive data maintained or transmitted by an NSHE institution must be secure. For the purposes of this section, “sensitive data” means any data associated with an individual, including but not limited to social security number and data that is protected by Board policy, or state or federal law.

1. Each NSHE institution must develop and maintain policies, standards, and/or procedures that describe and require appropriate steps to protect sensitive data that is maintained on an institution’s computing devices or transmitted across public network such as the Internet. Institutional policies must include the requirements for the eradication of data when computers are sent to surplus or repurposed. Institutions must be aware of all areas that data are stored, both physically and electronically, and must audit these areas annually to ensure that sensitive data are retained or destroyed as appropriate. Each institution must maintain policies and procedures to be followed in the event that sensitive data is released inappropriately, including but not limited to the appropriate disclosure of the breach of sensitive data pursuant to NRS 603A.220.
2. Pursuant to the Privacy Act of 1974 (Public Law 93-579), each institution requesting that an individual disclose his or her social security number must inform that individual whether that disclosure is mandatory or voluntary by what authority the number is solicited, and what uses will be made of it.
3. Each NSHE institution must adhere to the disclosure requirements established pursuant to NRS 239B.030.