DATA SECURITY, CONFIDENTIALITY, AND ACCESS
College employees are granted access to data and information resources required to carry out the responsibilities of their position. Employees requiring access to restricted data are assigned specific access codes which they are responsible for protecting from misuse. Any College employee who knowingly damages or misuses computing resources or data will be disciplined. Access capabilities/restrictions apply to all computing resources owned by the College. Safeguards are taken to ensure the security of the resources and to maximize the integrity of the information.
The College will take appropriate measures to protect Personally Identifiable Information (PII) of its students, staff, and faculty to minimize the growing risks of identity theft. Accordingly, a social security number may not be used as a common identifier or used as a database key in any electronic information system. The College will only use personal information to the extent necessary, to enable the College to carry out its purpose in a reasonable manner. The College also has an obligation to protect personal information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure, or destruction.
It is the obligation and intent of the College to protect by reasonable security means the PII of its students, staff, and faculty to minimize the growing risks of identity theft or other risks of disclosure. Safeguards are taken to ensure the security of the resources and to maximize the integrity of the information while stored, processed, and transmitted. This applies to all College-owned computing resources, data, and employee activities.
Collecting, accessing, storing, and disseminating PII data is strictly prohibited unless required by the tasks and responsibilities of business processes. The method of transmission must be approved by the College. As a general rule, PII should be stored on secure College servers. Employees who have permission to work with PII data are not permitted to save the data to cloud storage, portable media, or locally on a computer. Employees must not store PII on a non-College device. PII must not be transmitted via email. Employees must limit their storage of PII to that which is appropriate for the job requirements.