III.8
Confidential, Personal, and Private Information


SECTION OVERVIEW AND POLICIES

 

There are many State and Federal laws governing the access and dissemination of confidential, personal and private information (hereinafter, “confidential information”), such as:

 

 

Additionally, certain sections of law may protect other specific information. For example, Executive Law, Article 22, Section 633 protects as confidential those records related to crime victims.

Examples of common confidential information include:

 

 

Process and Document Preparation:

There are limited business processes where confidential information is needed in the SFS. As such, there are restricted fields in which Business Units enter the confidential information. Additionally, security roles restrict access to the confidential information. For example, bank account information used to process ACH transactions is stored in the Vendor File and access is restricted.

Business Units must not enter confidential information in fields in the SFS that have not been designed to hold such information.

Business Units should be especially mindful of fields in which employees may freely enter information without restriction (free form fields). Unlike restricted fields, free form fields may not have appropriate security settings to prevent unauthorized access and/or redistribution. Examples of such free form fields include Invoice Number, Invoice Description and Comment fields.

Correcting Confidential, Personal and Private Information in Free Form Fields

If a Business Unit has entered any confidential information in a free form field in the SFS, please contact SFS immediately at HelpDesk@sfs.ny.gov and provide the control document number (e.g., voucher number), a description of the confidential information, and the field name(s) in which the confidential information resides.

 

Imaging and Attachments

In addition, there may be circumstances where Business Units process transactions related to confidential information where the Business Unit uses the attachment feature in SFS. In these situations, Business Units must protect the confidential information consistent with Chapter XIV, Section 9 - Statewide Financial System Imaging and Attachment Guidance of this Guide.

 

 

 

Guide to Financial Operations
REV. 03/25/2013