University Privacy Policies 

  • Confidentiality of Student Records - outlines the circumstances under which personally identifiable information from a student's or applicant's record generally may be disclosed.
  • Confidentiality of Faculty and Staff Records - (Human Resources Policy #201) is directed at protecting the confidentiality of staff and faculty human resources records.
  • Policy on Security of Electronic Protected Health Information (ePHI) - describes the security safeguards that must be in place to ensure the security of patient medical information within the University community.
  • Privacy in the Electronic Environment - highlights some general principles that should help to define the expectations of privacy of those in the University community.
  • Social Security Number Policy - establishes expectations around the use of SSNs - sensitive data whose misuse poses privacy risks to individuals, and compliance and reputational risks to the University. It calls on staff, faculty, contractors, and agents of the above to inventory their online and offline SSNs and reduces the above risks.
  • PCI Compliance Policy - defines the PCI Compliance for Credit Card Sales at the University of Pennsylvania.


PennName Policies