2. IVCC Information Security Plan Important information about the privacy of student records Adapted from SVCC Information Security Plan, 3/03. IVCC Revision 07/07

3. Formation of the Information Security Team Goals: To provide comprehensive training to faculty, staff, and administration to ensure adherence to the FERPA and GLB guidelines. To evaluate the current procedures in order to ensure the administrative, technical, and physical safeguarding of personal information.

4. Who is on the team? Vice President for Business Services & Finance—Jerry Corcoran Director of Admissions & Records—Tracy Morris Director of Human Resources—Glenna Jones Director of Information & Technology—Harold Barnes Controller—Cheryl Roelfsema Assistant Controller/Bursar—Carolyn Chapman

5. What areas are affected? The following have been identified as relevant areas by the Information Security Team to be considered when assessing the risks to customer information: Employee management and training Information systems Managing system failures Student loans Student Financial Assistance office Admissions and Records office Business office Bookstore Corporate and Community Services office Faculty—especially with regards to rosters and educational records Truly, everyone in the college is affected!

6. GLB Basics Gramm Leach Bliley Act (1999) Also referred to as the Financial Modernization Act

7. GLB Basics 3 principles of GLB Financial Privacy Rule --Governs the collection and disclosure of customer’s personal financial information by financial institutions Safeguard Rule --Requires financial institutions to design, implement, and maintain safeguards to protect customer information Pretexting provision --Protects consumers from individuals and companies that obtain their personal information under false pretenses

8. GLB Basics continued We are required by law to Ensure the security and confidentiality of covered records Protect against any anticipated threats or hazards to the security of such records Protect against unauthorized access or use of such records or information in ways that could result in substantial harm or inconvenience to customers

9. FERPA Basics Family Educational Rights and Privacy Act Also referred to as the Buckley Amendment

10. How does it tie together? Colleges and universities that comply with FERPA will be deemed to be in compliance with FTC privacy rules under the GLB Act.

11. FERPA Basics Four basic rights for the adult student To inspect and review their educational records The right to seek to have the records amended The right to have some control over the disclosure of information from the records The right to file a complaint with the US Department of Education in Washington

12. FERPA Basics Continued Student records are confidential and may not be released without specific written consent of the student. The college has the responsibility to protect educational records in its possession. Directory information can be released without written permission. However, students can opt to keep this confidential as well. “Need to Know” is the guiding principle.

13. Directory Information vs. Educational Records Directory Information Name Address Phone number Major Dates of attendance Degrees/Awards Most recent educational institution attended Photographs Participation in activities/sports Weight/height of athletes

14. Directory Information vs. Educational Records Educational Records Personal information Enrollment records Grades Schedules Doesn’t matter if it is a paper record or electronic record Does not include: Records kept solely by the instructor/administrator Security documents Employee records Information once the person is no longer a student

15. Prior Written Consent A signed, dated document Must specify exactly which records are to be disclosed Must specify the purpose of the disclosure Must specify the person to whom the records will be disclosed Can NOT use a blanket statement Forms will be available in the Admissions and Records Office

16. When is Written Consent not needed? For legitimate educational purposes within the college For officials at an institution where the student seeks to enroll To comply with a court order or subpoena In connection with a health or safety emergency if necessary to protect the student or others

17. When is Written Consent not needed? (continued) For parents of students who are dependents and have provided IRS documentation as such. (Forms and procedures will be developed and available in the Admissions and Records Office.) If it is directory information For accrediting organizations For appropriate parties in connection with Financial Aid If you are not sure, ASK!

19. DO…. Shred any information with social security numbers once you are finished with it Log off Colleague or any other screens containing student information whenever you leave your desk Use Colleague ID as primary identifier and SS# as secondary. Pay attention to FERPA tags on Colleague Ask if you ever have a question about whether or not to release information

20. DO NOT…. Use any part of the Social Security number in a public posting of grades Link a student name to SS# in any public manner Leave graded tests out for students to pick up Circulate a printed class list with name and SS# for attendance Discuss student progress with anyone without the written consent of the student

21. DO NOT…. (continued) Provide anyone with lists of students in your class for any commercial purpose Provide anyone with student schedules or help anyone find a student on campus Leave your door open when your office is vacant Leave grades, tests scores, personal information in view on your desk or your computer

22. Go ahead and read up… We’ve provided information on the IVCC policy in the college catalog and in the packet provided. Training is done several times a year. If you ever want a refresher, contact HR to find out when the next session is.

23. Helpful Guidelines Keep this cherry-colored sheet handy in case you have questions. Please remember customer service is essential. It is important to maintain the information security, but to do so in a professional manner. If you ever have a question, come to the Records Office.

24. Questions? We will be working across the college to train all faculty and staff. If you ever have questions, call us at 224-0437. We welcome your suggestions and input. Please take a few moments to complete the evaluation. Thank you!