Privacy

Sensitive Data/Privacy

Sensitive/Private data is defined as any data that could provide access to personal information of an individual or institution. Such data includes, but is not limited to, documents and files that may contain Personally Identifiable Information such as financial, human resources, payroll and student information documents and files.
Personally Identifiable Information (“PII”) is defined as any of the following:
• First, Middle, Last Names
• Social Security Number
• Passport Number
• Employee or Student Identification Number (M#)
• State or Federally Issued ID numbers (e.g., driver’s licenses).
• Date of Birth
• Maiden Name
• Mother’s Maiden Name
• Credit Card or Financial Account Information
• Results of background or criminal history checks
• Payroll and salary information
• Medical Information
• Accommodation requests and related information
• Biometric data (such as fingerprint, voice print, retina, or iris images)
• Digital or other electronic signature files.
• PII data should never be stored on local hard drives or external storage media or by using any using software or account that has not been approved by the Director of Compliance and the Executive Director of Information Technology.


External Transmission of Sensitive data
Sensitive data must never be transmitted outside of the College system via insecure means, including email and File Transfer Protocol (FTP). The Information Technology Department shall provide secure email and file encryption resources to employees and/or departments for strict compliance of HIPAA and FERPA Privacy Regulations.


Data Privacy and Software Use
Any person having data representation in a college database has the right to data privacy. There are specific federal and state legal rights involving personal data access, manipulation and dissemination that are afforded to everyone. They address:
• Right of access - "legitimate interest" required in the normal conduct of business
• Manipulation - being accomplished with full knowledge and consent of the file or
account owner
• Dissemination of data - only to persons or agencies having a "need to know"


FERPA
In addition, students have specific rights under the Family Educational Rights and Privacy Act of 1974 including access to their data by themselves and their families. College procedure governing the implementation of the provisions of this Act is detailed in the Student Handbook (“Release of Student Information"). In general, student educational records should be accessible to college faculty and staff when they have a "legitimate educational interest in the data". Personally identifiable information can only be released to other persons or agencies within the limitations described in the procedure.


Data privacy restrictions also apply to the creation and release of student data in response to special external requests outside normal college operations.

They specify that:
• Release of student data must conform to the provisions of the Family Educational Rights
and Privacy Act. If there is doubt regarding this, please contact the Registrar.
• Use of the data must have a legitimate educational basis. If in doubt, please contact the
Vice President for Learning and Academic Affairs.
• Creation of special lists or reports must not unduly interfere with college operations.


Data requests are handled by the Information Officer, the Vice President for Administrative Services.


There may be a charge for the creation of special lists and reports. The current College charge is $50 per hour for computer personnel and computer time to produce the material plus 10 cents per page for the printout. The rates may be changed by the Vice President for Administrative Services.