Confidential Information

It is important to handle all confidential information with discretion, labeling it "confidential*, " safeguarding it when in use, filing or disposing of it properly when not in use, and discussing it only with those who have a need to know for a legitimate business reason. In most cases, College data of a personally identifiable nature shall remain secure from public disclosure (release to third parties) without specific permission from the individual to whom those data apply. All users of College data and information systems must follow the practices outlined below

Data originated or stored on College computer systems are College property. Employees will access only data that are required for their job. Employees will not make or permit unauthorized use of any College data. They will not seek personal or financial benefit or allow others to benefit personally or financially by knowledge of any data that has come to them by virtue of their work assignment.

Employees will not release College data in any format except as required in the performance of their job. Employees will not remove an official record or report, or copy of one, from the office where it is maintained, except as may be necessary in the performance of their job. They will not exhibit or divulge the contents of any record or report to any unauthorized person except in the conduct of their work assignment and in accordance with office and College policies and procedures.

Employees will not share their computer login information, including password(s) with others or leave their written password(s) in a place that could be accessible by others. If a user has reason to believe others have learned their password(s), they will report the problem to their supervisor and will take appropriate action to have the password(s) reset. Employees will not attempt to use the logins and passwords of others, nor allow their logins and passwords to be used by others.

Employees will maintain security for College data in their possession or to which they have access by protecting computer media, forms and printouts from unauthorized access and will dispose in a safe manner. Further, employees will not leave their PC signed on when unauthorized people could access it, will change their password(s) on a regular basis, and will take other precautionary measures necessary to protect and secure confidential or sensitive data.

Examples of private, confidential information include, but are not limited to: Social Security Numbers, financial information, financial aid applications, copies of tax returns, health records, birth date, home address or phone number, passwords, gender, ethnicity, citizenship, or citizen visa code, veteran and disability status, educational services received, student academic information (grades, courses taken, schedule, test scores, advising records, etc), disciplinary actions, and student ID.

All personal and personnel information should be treated as confidential. Violation of this policy may be cause for disciplinary action up to and including termination of employment.

*Confidential data, as defined by the College includes: Information maintained on file by the College that is not designated as student directory information in accordance with FERPA. All other information is considered confidential and therefore subject to this policy.

Policy No.  583  Issued  9/7/2011