- Maintain and support secure information technology systems to ensure that Social Security numbers (SSN), birth dates, patient medical history and payment of health services are secure and not at risk for disclosure.
- Never sell, market or distribute SSN, birth dates, patient medical history and/or payment of health services that have been collected.
- Never use SSN as the primary identifier for students and employees.
- No longer accept credit card numbers or store credit card numbers in WVU systems, except where required by federal or state law. Information Technology Services scans computers on the WVU network for SSNs and deletes all SSNs identified in files older than 31 days.
Our privacy policies and procedures establish best practices to lower the risk exposure
to WVU employees and students and are governed by the following federal and international regulations:
FERPA. The Family Educational Rights and Privacy Act of 1974 (FERPA)
grants WVU student’s rights to privacy over their education records. For more
information about how we protect student data and students' rights under FERPA, please visit the University's FERPA webpage.
- HIPAA. The Health Insurance Portability and Accountability Act of 1996 provides data privacy and security provisions for safeguarding medical information. For more information about how we secure protected health information and patient rights under HIPAA, please visit our HIPAA privacy and security webpage.
- GDPR. The General Data Protection Regulation provides additional privacy rights for residents of European Union member states as well as non-EU citizens located in an EU member state. For more information about how we are protecting personal data and individuals' rights afforded under GDPR, please visit our GDPR privacy webpage.
Report any real or suspected data breaches to Information Technology Services at
firstname.lastname@example.org or phone at 304-293-4457/304-293-4444 as outlined
Information Security Event Response Policy.