Financial and Banking Data

Banking and financial data often include Personally Identifiable Information, which is protected by federal and Massachusetts laws. This data is also a type of institutional data, which is defined as all information that is created, collected, licensed, maintained, recorded, used, or managed by the University, its employees, and agents working on its behalf, regardless of ownership or origin.

Why?

The University must comply with Massachusetts Data Privacy Laws.

Getting Started

  1. Never store banking information and credit card numbers on your computer.
  2. For banking information other than credit or debit card numbers, if you do have a business need for the information, the records should be stored only in a Tufts network drive, in Tufts Box (subject to the Tufts Box Use Guideline), or another Tufts approved location. A device can be left on the T, but a network drive cannot.
  3. Control access to accounts and minimize the number of people who have access to the records.
  4. Comply with the Tips and Guidelines for Sensitive Personal Information. The Sensitive Personal Information Guide is also available as a quick summary.

Documentation

Massachusetts Data Privacy Laws
University Records Policy
Confidential Records Destruction
Information Classification and Handling Policy