R572.1. Purpose: To establish policies and standards governing noncapital asset inventory and tracking within the Utah System of Higher Education (USHE).
2.1. Utah Code §63G-2 (Utah Government Records Access Management Act)
2.2. 20 U.S.C. § 1232g; 34 CFR Part 99 (Family Education Rights and Privacy Act)
2.3. HIPAA; Pub.L. 104–191, 110 Stat. 1936 (Health Insurance Portability and Accountability Act of 1996)
2.4. Regent Policy, R345 (Information Technology Resources Security)
3.1. Acquisition Cost: The net invoice unit price including the cost of modifications, attachments, accessories, or auxiliary apparatus necessary to make the property usable for the purpose for which it is acquired.
3.2. Disposal: To pass or part with, in relieving custodial responsibility when an asset is sold, lost, obsolete, or damaged beyond economic repair.
3.3. Noncapital Asset: Equipment or other physical asset with an acquisition cost of less than $5,000 per unit and with a useful life of greater than one year.
3.4. Personally Identifiable Information (PII): Information protected by federal and state laws and regulations, including federal regulations administered by the U.S. Department of Homeland Security (DHS), and is defined by DHS as “any information that permits the identity of an individual to be directly or indirectly inferred, which if lost, compromised, or disclosed without authorization could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual.” PII must be protected prior to release in accordance with the Utah Government Records Access and Management Act or other disclosures required by law.
PII does not include “public information” as defined by the Utah Government Records Access and Management Act, or in the case of student records, “directory information” as defined by the Family Education Rights and Privacy Act.
PII includes but is not limited to the following:
3.4.1 Full Social Security Number
3.4.2. Driver’s license or State ID number
3.4.3. Passport number
3.4.4. Visa number
3.4.5. Alien Registration Number
3.4.6. Fingerprints or other biometric identifiers
3.4.7. Full name in combination with:
220.127.116.11. Mother’s maiden name
18.104.22.168. Date of birth, last 4 digits of SSN
22.214.171.124. Citizenship or immigration status
126.96.36.199. Ethnic or religious affiliation
3.4.8. Protected Health Information, as defined by the Health Insurance Portability and Accountability Act of 1996.
4.1. Noncapital Asset Inventory: Each institution shall affix an asset tag with a unique identifier to, and maintain an inventory of, the following non-capital assets:
4.1.1. Assets with an acquisition cost greater than or equal to $3,000.
4.1.2. Institution-owned computers and laptops that may contain PII at any point during the institution’s ownership of the asset.
4.2. Each institution shall retain an updated list of all inventoried noncapital assets until such items are processed for disposal. This list should include the names of the custodian to whom each asset is assigned.
4.3. Each institution shall review the existence and ownership of all inventoried noncapital assets at least annually to ensure the asset is in possession of the designated custodian.
4.4. Noncapital asset custodians shall immediately report any lost or stolen noncapital assets to the their immediate supervisor.
4.5. A list of missing institution assets shall be reported to the institution’s vice president for business or finance at least annually.
4.6. Institutions may create policies that are more restrictive than this policy