Purpose

In the normal course of working for the University, employees may receive and/or have access to information that is confidential, sensitive, and/or proprietary in nature. Employees are expected to maintain such information in confidence and to use this information only for the purposes of satisfying employment responsibilities and tasks for the University.

Scope

This policy applies to all confidential information of the University.

Policy

Confidentiality

University employees, and those performing services for the University, must not communicate or disclose, or cause to be communicated or disclosed, confidential information to any unauthorized person or entity or use any confidential information improperly. Employees must exercise reasonable efforts to protect the confidentiality of the confidential information they receive, access, and/or have access to. Confidential information is owned solely and exclusively by the University and shall remain the exclusive property of the University. Upon the University’s request, employees must return to the University and not retain any confidential information (to the extent possible). For purposes of this policy, confidential information includes but is not limited to information, regardless of its form or means of communication used by, belonging to, or relating to the University that is proprietary or restricted in nature and that is not generally known or available to the public, including: processes; plans; policies; procedures; employment; legal affairs; regulatory affairs; assets; inventory; business and/or trade secrets; marketing; advertising; expenses; methodologies; revenues; contracts; corporate governance; financial information; costs of goods and/or services; relationships with third parties; students; strategies; projections; analyses; summaries; alumni; donors; or other materials or documents prepared by or at the direction of the University which contain, reflect and/or are based, in whole or in part, on any of the above confidential information

The University has additional obligations that require it to maintain the confidentiality of certain other types of information, including but not limited to the legal obligations of the Family and Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA). Please see these specific policies for additional information. There are additional, specific policies that govern other types of confidential and sensitive information in the University’s possession, including personally identifiable information (PII). More information can be found here: Privacy Policy.

With the rapidly developing and evolving area of artificial intelligence and related technology – such as chat gpt and other similar technologies, programs, tools, etc. – the confidentiality obligations of Lindenwood employees include not disclosing or inputting any sensitive or confidential information into these third-party systems. Confidential information not to be disclosed includes, but is not limited to: all information identified in this policy, non-directory student information, confidential employee/employment information, contracts, non-public financial information, confidential third party information, University information not publicly available, and the like as some examples.

Employees should immediately report to the University if they believe confidential information, including other data, may have been compromised and/or improperly accessed, disclosed, acquired, or exfiltrated. Reports should be made to TJ Rains, Vice President, Information Technology and Chief Information Officer at trains@lindenwood.edu or (636) 949-4347, and/or to Mark Falkowski, General Counsel, at mfalkowski@lindenwood.edu or (636) 949-4916.