SECTION OVERVIEW AND POLICIES
There are many State and Federal laws governing the access and dissemination of confidential, personal and private information (hereinafter, “confidential information”), such as:
- The Privacy Act of 1974
- Right to Financial Privacy Act of 1978
- Public Officers Law
- The Freedom of Information Act
- Health Insurance Portability and Accountability Act
Additionally, certain sections of law may protect other specific information. For example, Executive Law, Article 22, Section 633 protects as confidential those records related to crime victims.
Examples of common confidential information include:
- Social Security numbers;
- Credit/debit card numbers;
- Driver license numbers;
- Bank account numbers;
- Addresses for individuals;
- Non-business telephone numbers;
- Dates of birth;
- Medical information; and
- Other information protected by law.
Process and Document Preparation:
There are limited business processes where confidential information is needed in the SFS. As such, there are restricted fields in which Business Units enter the confidential information. Additionally, security roles restrict access to the confidential information. For example, bank account information used to process ACH transactions is stored in the Vendor File and access is restricted.
Business Units must not enter confidential information in fields in the SFS that have not been designed to hold such information.
Business Units should be especially mindful of fields in which employees may freely enter information without restriction (free form fields). Unlike restricted fields, free form fields may not have appropriate security settings to prevent unauthorized access and/or redistribution. Examples of such free form fields include Invoice Number, Invoice Description and Comment fields.
Correcting Confidential, Personal and Private Information in Free Form Fields
If a Business Unit has entered any confidential information in a free form field in the SFS, please contact SFS immediately at [email protected] and provide the control document number (e.g., voucher number), a description of the confidential information, and the field name(s) in which the confidential information resides.
Imaging and Attachments
In addition, there may be circumstances where Business Units process transactions related to confidential information where the Business Unit uses the attachment feature in SFS. In these situations, Business Units must protect the confidential information consistent with Chapter XIV, Section 9 - Statewide Financial System Imaging and Attachment Guidance of this Guide.
Guide to Financial Operations
REV. 03/25/2013