IVCC Information Security Plan

Important information about the privacy of student records

Adapted from SVCC Information Security Plan, 3/03. IVCC Revision 07/07

Formation of the Information Security Team

Goals: To provide comprehensive training to faculty,

staff, and administration to ensure adherence to the FERPA and GLB guidelines.

To evaluate the current procedures in order to ensure the administrative, technical, and physical safeguarding of personal information.

Who is on the team?

Vice President for Business Services & Finance—Jerry Corcoran

Director of Admissions & Records—Tracy Morris Director of Human Resources—Glenna Jones Director of Information & Technology—Harold

Barnes Controller—Cheryl Roelfsema Assistant Controller/Bursar—Carolyn Chapman

What areas are affected?The following have been identified as relevant areas by the Information

Security Team to be considered when assessing the risks to customer information:

Employee management and training Information systems Managing system failures Student loans Student Financial Assistance office Admissions and Records office Business office Bookstore Corporate and Community Services office Faculty—especially with regards to rosters and educational records

Truly, everyone in the college is affected!

GLB BasicsGramm

Leach

Bliley

Act (1999)Also referred to as the Financial

Modernization Act

GLB Basics3 principles of GLB

Financial Privacy Rule--Governs the collection and disclosure of customer’s

personal financial information by financial institutions

Safeguard Rule--Requires financial institutions to design, implement,

and maintain safeguards to protect customer information

Pretexting provision--Protects consumers from individuals and companies

that obtain their personal information under false pretenses

GLB Basics continued

We are required by law to Ensure the security and confidentiality

of covered recordsProtect against any anticipated threats

or hazards to the security of such records

Protect against unauthorized access or use of such records or information in ways that could result in substantial harm or inconvenience to customers

FERPA Basics

FamilyEducationalRights andPrivacyAct

Also referred to as the Buckley Amendment

How does it tie together?

Colleges and universities that comply with FERPA will be deemed to be in compliance with FTC

privacy rules under the GLB Act.

FERPA Basics

Four basic rights for the adult student To inspect and review their educational

records The right to seek to have the records

amended The right to have some control over the

disclosure of information from the records The right to file a complaint with the US

Department of Education in Washington

FERPA Basics Continued

Student records are confidential and may not be released without specific written consent of the student.

The college has the responsibility to protect educational records in its possession.

Directory information can be released without written permission. However, students can opt to keep this confidential as well.

“Need to Know” is the guiding principle.

Directory Information vs. Educational Records

Directory Information Name Address Phone number Major Dates of attendance Degrees/Awards Most recent educational institution attended Photographs Participation in activities/sports Weight/height of athletes

Directory Information vs. Educational Records

Educational Records Personal information Enrollment records Grades Schedules

Doesn’t matter if it is a paper record or electronic record

Does not include: Records kept solely by the instructor/administrator Security documents Employee records Information once the person is no longer a student

Prior Written Consent

A signed, dated document Must specify exactly which records are to be

disclosed Must specify the purpose of the disclosure Must specify the person to whom the records will

be disclosed Can NOT use a blanket statement Forms will be available in the Admissions and

Records Office

When is Written Consent not needed? For legitimate educational purposes within

the college For officials at an institution where the

student seeks to enroll To comply with a court order or subpoena In connection with a health or safety

emergency if necessary to protect the student or others

When is Written Consent not needed? (continued)

For parents of students who are dependents and have provided IRS documentation as such. (Forms and procedures will be developed and available in the Admissions and Records Office.)

If it is directory information For accrediting organizations For appropriate parties in connection with

Financial Aid If you are not sure, ASK!

DO….

Shred any information with social security numbers once you are finished with it

Log off Colleague or any other screens containing student information whenever you leave your desk

Use Colleague ID as primary identifier and SS# as secondary.

Pay attention to FERPA tags on Colleague

Ask if you ever have a question about whether or not to release information

DO NOT…. Use any part of the Social Security

number in a public posting of grades Link a student name to SS# in any public

manner Leave graded tests out for students to pick

up Circulate a printed class list with name and

SS# for attendance Discuss student progress with anyone

without the written consent of the student

DO NOT…. (continued)

Provide anyone with lists of students in your class for any commercial purpose

Provide anyone with student schedules or help anyone find a student on campus

Leave your door open when your office is vacant

Leave grades, tests scores, personal information in view on your desk or your computer

Go ahead and read up…

We’ve provided information on the IVCC policy in the college catalog and in the packet provided.

Training is done several times a year. If you ever want a refresher, contact HR to find out when the next session is.

Helpful Guidelines

Keep this cherry-colored sheet handy in case you have questions.

Please remember customer service is essential. It is important to maintain the information security, but to do so in a professional manner.

If you ever have a question, come to the Records Office.

Questions?

We will be working across the college to train all faculty and staff. If you ever have questions, call us at 224-0437.

We welcome your suggestions and input. Please take a few moments to complete the evaluation.

Thank you!