Confidential Data

Confidential data refers to business sensitive and personally identifiable information (PII) not intended for disclosure outside the organization. Confidential data includes Family Educational Records Protection Act (FERPA) data, Health Information Portability and Accountability Act (HIPAA) records, and Payment Card Industry (PCI) data.

The University of Dayton policy on Electronic Use of Confidential Data details the types of data used by the University. The charts can be used to assist with identifying and securing sensitive information within the University.

Confidentiality Agreements

Confidentiality Agreement PolicyConfidentiality Agreement Form

Cornell Spider

Cornell's Spider tool - Spider is a free, open-source tool provided by Cornell University. The University of Dayton has selected this tool to find personally identifiable information (PII) on user desktops, notebooks, and removable media. Spider is 95%+ accurate in regards to finding PII data.


Encryption is the conversion of data into a form, called a ciphertext, which cannot be easily understood by unauthorized users. Decryption is the process of converting encrypted data back into its original form so it can be understood. Encryption ensures University of Dayton confidential data is protected against unauthorized access.

The loss or theft of laptops and mobile devices presents a great risk to personally identifiable information (PII) and intellectual property potentially stored on these devices. At the request of the Board of Trustees and subsequent mandate of the President's Council, UDit has been tasked with identifying and installing a full disk encryption solution on all UD owned laptops. Unit IT staffs are partnering with us in this task.

Please contact your unit's IT staff or the UDit Risk Management Office if you have questions or an immediate need for encryption on your device.

IT Security Incidents

An IT security incident is "any adverse event which compromises some aspect of computer or network security." Security incidents that must be reported include lost/stolen laptops or removable media, a virus on a workstation, or compromise of user credentials. All incidents should be taken seriously and reported according to the University policy on IT Incident Handling. When in doubt, report it!

Contact for More Information

IT Risk Management Office

Call: 937-229-4387