Personal Confidential Data

Bridgewater State University’s Responsible Use of Information Technology Policy (https://www.bridgew.edu/policy/responsible-use-of-information-technology) establishes clear expectations for all members of the campus community regarding the ethical, legal, and secure use of university technology resources. The policy is designed to ensure that BSU’s systems remain reliable, protect institutional data, and support the university’s academic and operational mission.

Limited Personal Use Is Allowed

The policy acknowledges that limited personal use of university technology resources is permitted, provided that such use:

  • Does not interfere with university business or academic operations

  • Does not violate any local, state, or federal laws

  • Does not conflict with the university’s mission or policies

This allowance recognizes that modern work often blends personal and professional tasks, and BSU technology resources can occasionally support both.

Personal Confidential Data Must Not Be Stored on University Systems

While personal use is allowed, the Confidential Data Policy does not permit non-university personal confidential data to be stored on any BSU system. Examples of personal confidential data include, but are not limited to:

  • Tax documents

  • Medical records

  • Personal financial data

  • Sensitive identification documents

Storing such information on BSU platforms increases institutional liability and creates security risks that the university is legally and ethically obligated to avoid.

Recognizing That Mistakes Can Happen

Because the policy permits limited personal use, it is understandable that accidental storage of personal confidential data may occur. For example, uploading the wrong file into OneDrive, Teams, or another university-managed platform.

If this happens, the IT Security Office will reach out through official channels. Rather than deleting the data immediately and potentially causing harm or disruption to you. The IT Security Office will make every reasonable effort to contact you.

This outreach may include:

  • Direct email communication

  • Phone calls

  • Contacting your supervisor

  • Escalation to a Vice President

The goal is always to ensure that you are aware of the issue and have an opportunity to retrieve your document.

Why the University Cannot Store Personal Confidential Data

BSU is committed to protecting both institutional and individual security. Allowing personal confidential documents to remain on university systems would:

  • Introduce unnecessary legal and regulatory risk

  • Expand the university’s liability in the event of a breach

  • Compromise the scope and clarity of required information-security protections

Yet at the same time, BSU recognizes that your personal documents may be critically important to you and that you may not have another copy. This is why the IT Security Office engages in a deliberate, communication-first approach rather than removing the data without notice.

Summary

  • Personal use of BSU technology is permitted as long as it does not interfere with university operations.

  • Personal confidential data may not be stored on university systems under any circumstance.

  • If such data is discovered, the IT Security Office will make extensive efforts to contact you before removing the data.

  • This process balances university risk management with respect for the importance of your personal documents.

 

Print Article