Skip to main content
University of Nebraska Omaha logo University of Nebraska Omaha
APPLY MY UNO DIRECTORY

Students Faculty Staff Community
APPLY MY UNO DIRECTORY
Students Faculty Staff Community
  • About
    About UNO
    • Leadership
    • Mission and Strategic Plan
    • Accreditation
    • Our City: Omaha
    • Facts & Figures
    • News
    • Events
    • Organizational Units
    • Campus Safety
    • Buildings and Maps
    Get Started
    • Apply
    • Campus Visit
    • Contact Us
    Front view of UNO's ASH building
    Get Started Today

    Apply Now
  • Academics
    Majors and Programs
    • Undergraduate Programs
    • Master's Programs
    • Doctoral Programs
    • International Programs
    • Online Programs
    • Class Search
    Colleges
    • College of Arts and Sciences
    • College of Business Administration
    • College of Communication, Fine Arts and Media
    • College of Education, Health, and Human Sciences
    • College of Information Science & Technology
    • College of Public Affairs and Community Service
    • Graduate Studies
    Resources
    • Catalogs
    • Academic Calendar
    • Library
    • Advising
    • Academic Affairs
    • Registrar
    • Academic Support
    • Request Transcript
    Top view glance of calendar showing August 2024
    Deadlines Are Approaching

    View year-at-a-glance calendars that include term start and end dates, and school holidays.

    Academic Calendar
  • Cost & Aid Backback to Main menu
    • Undergraduate Tuition
    • Graduate Tuition
    • Financial Support
    • Cost of Attendance
    • Undergraduate Scholarships
    • All Scholarship Information
    • Military and Veterans Benefits
    • Consumer Information
  • Admissions
    Get Started
    • Apply
    • Complete Your FAFSA
    • Schedule a Campus Visit
    • Request Info
    Admitted Students
    • Orientation
    • Enrollment Deposit
    • Transcripts
    • UNO 101
    • New Student & Family Events
    Cost & Aid
    • Undergraduate Tuition
    • Graduate Tuition
    • Financial Aid
    • Cost of Attendance
    • Scholarships
    • Military and Veterans Benefits
    • Consumer Information
    Admissions
    • Undergraduate Admissions
    • Transfer Students
    • Graduate Admissions
    Students walking together on campus for a tour
    Visit UNO's Campus

    Schedule a Tour
  • Student Life
    Campus Life
    • Event Calendar
    • Athletics
    • Campus Dining
    • Student Housing
    • Campus Recreation
    • Milo Bail Student Center
    • Parking and Transportation
    • Campus Safety
    Involvement and Leadership
    • Student Organizations
    • Student Government
    • Career Services and Internships
    • Spirit and Tradition
    • Student Leadership, Involvement, and Inclusion
    Support
    • Academic Support
    • Maverick Advising Center
    • Accessibility
    • Durango's Advancement & Support Hub (DASH)
    • Student Service
    • Student Safety
    Resources
    • Health Services
    • Military-Connected Resources
    • Student Conduct and Community Standards
    • Division of Student Life and Wellbeing
    Students participating in a beading craft activity
    Get Involved on Campus

    See Events Calendar
  • Engagement
    Students
    • Student Service and Leadership Collaborative
    • Find Volunteer Opportunities
    • Maverick Food Pantry
    • Voter Information
    • Internship Opportunities
    • Career Services
    • Student Resources
    • Become an Engaged Scholar
    Faculty and Staff
    • Faculty Senate
    • Center for Faculty Excellence
    • Staff Advisory Council
    • Faculty Resources
    • Engaged Research
    • Service Learning Academy
    • Community-Based Learning Courses
    Community
    • Campus Resources
    • Service Learning Academy
    • Samuel Bak Museum: The Learning Center
    • Promote Volunteer Opportunities
    • Promote Internship Opportunities
    • Rent Office Space
    • Senior Passport Program
    • Community Engagement Partnership Initiative
    Office of Engagement
    • Connect to Campus
    • Barbara Weitz Community Engagement Center
    • Service Learning Academy
    • Rent Office Space
    • Samuel Bak Museum: The Learning Center
    • Partner With Us
    • Senior Passport Program
    • Nebraska Business Development Center
    • Community Partners on Campus
    Student volunteering with a food bank
    Connect with Us

    Contact the Office of Engagement
  • Research
    Student
    • Research and Creative Activity Fair
    • Graduate Research (GRACA)
    • Student Conference Travel Fund
    • Undergraduate Scholarly Experience (FUSE) Fund
    Faculty
    • Grant Databases
    • External Funding
    • Awards and Committees
    • Office of Sponsored Programs
    Research at UNO
    • Office of Research and Creative Activity
    • Research News
    • Centers and Institutes
    Students giving presentations on research projects
    UNO Pushes Innovation Forward

    Read UNO Research News
  • Athletics
    Men's Teams
    • Baseball
    • Basketball
    • Golf
    • Hockey
    • Soccer
    • Swimming & Diving
    • Tennis
    Women's Teams
    • Basketball
    • Cross Country
    • Golf
    • Soccer
    • Softball
    • Swimming & Diving
    • Tennis
    • Track & Field
    • Volleyball
    Game Day Resources
    • Purchase Tickets
    • Team Schedules
    • Buy Maverick Gear
    Baxter Arena
    • Calendar
    • Tickets
    • Directions & Parking
    • Clear Bag Policy
    • Public Skating
    Hockey player walking out on the ice arena
    Cheer on our Mavericks!

    Buy Tickets
  • Alumni Backback to Main menu
    • Alumni
    • Transcripts
    • Thompson Center

Campus Policies

  1. UNO
  2. Campus Policies
  3. Regulated Data Security

Regulated Data Security

Policy Contents

  • Scope
  • Policy Statement
  • Reason for Policy
  • Procedures
  • Definitions
  • Additional Contacts
  • Forms
  • Related Information
  • History
  • Effective: 10-01-2014
  • Last Revised: 08-31-2016
  • Responsible University Administrator: Chief Information Officer
  • Responsible University Office: Information Security
  • Policy Contact: Information Security • security@unomaha.edu
  • Print or view PDF

Scope

This policy applies to all university personnel and entities that have access to and electronically store regulated data and/or collect, store and use personal information. 


Policy Statement

Regulated Data Storage 
All personnel and entities associated with the university that intentionally store regulated data electronically are required to seek authorization by completing the form in Appendix B: Regulated Data Authorization Form. This includes third parties that provide services to the university and those requirements mandated by law such as financial aid and payroll. Authorization to electronically store regulated data does not grant permission to share that data with anyone. Electronic storage of regulated data is not permitted on non-university owned devices unless specifically authorized. You must contact the Information Security Office for assistance in disposing any regulated data.

Risk Reduction and Enforcement
Data scanning software for data loss prevention (DLP) has been installed on the University of Nebraska Omaha (UNO)’s network to help reduce the risk of data breaches. This device is intended only to flag network traffic and data storage that contains unencrypted regulated data. The information found by the DLP software is strictly used to reduce the risk of regulated data being breached. Access to reports generated by DLP software is authorized by the Executive Regulated Data Authorization Committee only for the use of enforcing this policy and reducing the exposure of regulated data. The use of DLP software complies with NU Executive Memorandum 16 and the UNO Privacy Policy.

Reason for Policy

Identity theft continues to rise every year in the United States. The use of the Internet to steal sensitive data such as Social Security Numbers (SSN) and payment card numbers is a major contributor to this rise.

Institutions of higher education have become attractive targets for Internet identity theft. Data credentials such as SSNs are used by thieves to establish fraudulent credit and perform other illegal activities associated with stealing a person’s identity. UNO has legal and ethical responsibilities to protect this sensitive data. Failure to do so may result in economic or social harm to individuals, loss of the public’s confidence in the university’s ability to protect sensitive data, and legal liability for damages incurred.

The State of Nebraska approved LB 876, known as the “Consumer Notification of Data Security Breach Act of 2006,” in April 2006. This law outlines what must occur if unencrypted data, as defined in the Act, has been breached. In addition, UNO must comply with Payment Card Industry (PCI) requirements to properly secure payment card information. Failure to meet these requirements may result in financial penalties and/or loss of ability to process payment cards at UNO. As stewards of personal information, UNO has a responsibility to be vigilant and proactive in the protection of privacy of campus users and the protection of regulated data that has been entrusted to its care. This policy serves to identify procedures and security requirements that must be met before authorization is granted to electronically store regulated data.

Procedures

Requesting Access to Electronically Store Regulated Data
To be granted access to electronically store regulated data, you must first complete the request form located in Appendix B: Regulated Data Authorization Form.

Once the request form is completed and signed by an Academic Dean or Divisional Leader, then the request will be considered for authorization by the Regulated Data Authorization Committee. If a regulated data storage request is denied by the Regulated Data Authorization Committee, the requester may appeal to the Executive Regulated Data Authorization Committee. The Executive Regulated Data Authorization Committee will make the final decision regarding the storage of regulated data. Reauthorization to continue to electronically store regulated data is required on a biennial basis.

Information Services (IS) provides a Regulated Data Server for any authorized individual or department to use. If the IS Regulated Data Server will not be used, the proposed storage location must meet the technical security requirements outlined in Appendix B: Regulated Data Authorization Form.

Regulated Data Storage Requirements

Technical Requirements
All regulated data must be stored on the Regulated Data Server managed by IS. Updates will continue to be made to these requirements as technology and cybersecurity threats change. Authorized users will be notified as changes are made.

 

Audits
All university-owned equipment is subject to audit for unauthorized storage of regulated data. Devices authorized to store regulated data are subject to audits as deemed necessary by the Information Security Office. Reasonable prior notification of an audit will be provided. Audit results are handled confidentially by Information Security staff and are reported to the Executive Regulated Data Authorization Committee in aggregate.

 

Training
Training on technical requirements will be provided at the time authorization is granted to electronically store regulated data by IS. Training must be completed before storage of regulated data begins.

Policy Enforcement
This policy is enforced by the Executive Regulated Data Authorization Committee. Failure to comply with this policy may result in disciplinary actions.

Definitions

Regulated Data: University data that is highly confidential and is regulated by state or federal privacy laws. Specific examples of regulated data include:

  • Social Security Numbers
  • Motor vehicle operator’s license number or state identification card number
  • Account or credit or debit card numbers, in combination with any required security code, or password that would permit access to a person’s financial account
    • Student records (except those defined by university policy as directory information under FERPA)
    • Unique electronic identification number, username, or routing code, in combination with any required security code, access code, or password
    • Unique biometric data such as fingerprint, voice print, retina/iris image, or other unique physical representation
      Health-related data

Sensitive Data: University data routinely used in conducting business not covered by state or federal privacy laws. The data are protected to preserve the privacy, safety, and reputation of individuals and/or the university.

Public Data: University data which are categorized as neither “regulated” nor “sensitive.” Generally, this is information that can be made available to the public without risk of harm to the university or any entities with an affiliation to the university. 

Additional Contacts

Executive Regulated Data Authorization Committee
This committee consists of the Associate Vice Chancellor for Research and Creative Activity, Associate Vice Chancellor for Student Affairs, Chief Information Officer (CIO), and Associate Vice Chancellor for Business and Finance. The committee members are responsible for reviewing decisions of the Regulated Data Authorization Committee as requested. This committee is responsible for the enforcement of this policy.

Regulated Data Authorization Committee
This committee consists of the Director of Records and Registration, Director of Finance and Controller, and Chief Information Security Officer (CISO). These members are responsible for authorizing access to store regulated data and executing this policy.

Data Users
Data Users are individuals authorized to access and electronically store regulated data in execution of their job functions. Users are responsible for taking all reasonable measures to safeguard the confidentiality and integrity of the data to which they have access. This group includes outside parties contracted to perform data services.

Academic Deans and Divisional Leaders
Academic Deans and Divisional Leaders are responsible for coordinating with the Regulated Data Authorization Committee in authorizing their staff’s request to electronically store regulated data.

Information Security Office (within Information Services)
The Information Security Office is responsible for enforcing the technology requirements outlined in this policy. 


Forms

Regulated Data Security Policy Form (Appendix B)

Related Information

Regulated Data Standard

 

 

NU Executive Memorandum 16

NU Executive Memorandum 26

UNO Student Records Policy

State of Nebraska Consumer Notification of Data Security Breach Act of 2006

Payment Card Industry Data Security Standards (PCI-DSS)

History

This policy is an update to the Regulated Data Security Policy that was previously updated in 2014.

Next Steps

  • Visit UNO
  • Request Information
  • Apply for Admission
  • The UNO Advantage
  • Our City (Omaha)

Just For You

  • Future Students
  • Current Students
  • Work at UNO
  • Faculty and Staff
  • A-Z List

Popular Services and Resources

  • my.unomaha.edu
  • Academic Calendar
  • Campus Buildings & Maps
  • Library
  • Pay Your Bill
  • Course Catalogs
  • Internships & Career Development
  • The Maverick Store
  • MavCARD Services
  • Military-Connected Resource Center
  • Speech Center
  • Writing Center
  • Human Resources
  • Center for Faculty Excellence

Affiliates

  • University of Nebraska System
  • NU Foundation
  • Buffett Early Childhood Institute
  • Daugherty Water for Food Institute
  • National Strategic Research Institute
  • Peter Kiewit Institute
  • Rural Prosperity Nebraska
  1. University Policies
  2. Privacy Statement
  3. Accessibility
  1. 402.554.2800
University of Nebraska Omaha
University of Nebraska Omaha, 6001 Dodge Street, Omaha, NE, 68182
  • ©  
  • Emergency Information Alert
  • MavsReport

Social Media

Omaha Skyline

Our Campus. Otherwise Known as Omaha.

The University of Nebraska does not discriminate based on race, color, ethnicity, national origin, sex, pregnancy, sexual orientation, gender identity, religion, disability, age, genetic information, veteran status, marital status, and/or political affiliation in its education programs or activities, including admissions and employment. The University prohibits any form of retaliation taken against anyone for reporting discrimination, harassment, or retaliation for otherwise engaging in protected activity. Read the full statement.