Print Form The Data Access and Security Compliance Statement

Print Form The Data Access and Security Compliance Statement New College of Florida DATA ACCESS AND COMPLIANCE STATEMENT Federal and State Acts The Family Education Rights and Privacy Act The federal Family Education Rights and Privacy Act (FERPA), also known as the "Buckley Amendment," directs New College of Florida (NCF) to keep certain student records private from third parties and to make others available for inspection and copying by students. Under the federal regulations implementing the act, every student in attendance at the College or who has been in attendance here has a right to inspect and review their "educational records." This includes a right to a response for explanations and interpretations of records and the right to obtain copies of the records. Releasing Student Information The College may not disclose information from a student's record without first obtaining the written consent of the student, several exceptions are noted below. Parents of College students do not have the right to have access to these records and are treated as any other member of the public unless the student has given written consent for release of such records to them. Release without student consent may be done under certain limited circumstances. Some of those circumstances are: — Release of public (directory) information regarding a current or former student. NCF has designated the following items as public information: name, home and local address and telephone, school or college, class level, major field, dates of attendance at NCF, any degree received and date awarded, honors and awards received, participation in recognized activities, previous school attended, and height and weight of members of intercollegiate athletic teams. However, a student has a right to refuse to have such information released. In such an event, the student must file with the College's Registrar a request that such information not be released. — Select student records may be disclosed to staff members who demonstrate a need to know consistent with their official functions for the College and consistent with normal professional and legal practices. — The information may be released to state or federal educational authorities. — The information may be used to determine the eligibility of the student for financial aid. — The information may be released to organizations conducting studies for or on behalf of the College to develop, validate, or administer predictive tests, administer student aid programs, or improve instruction. Note: Information protected under FERPA is exempt from disclosure under the Freedom of Information Act (FOIA). September 2008 Access and Compliance Page 2 Applying Policies to the Data Access Environment All the previously summarized policies apply to the Data Access environment. In addition, this section identifies the steps you should take as a responsible data user to ensure the protection and appropriate use of data. What Can You do to Secure the Data to which You have Access Campus Computing has a responsibility to provide a secure environment to protect centrally maintained data. As an individual, you have a responsibility to secure data in your local environment. Securing data means providing physical protection from unauthorized access. Some examples of measures you can take to secure data: — Prior to sharing data with others, electronically or otherwise, ensure that the recipient is authorized to access the data and understands their responsibilities as a user. — Log out of / exit from the application. — Password protect your workstation. — Keep passwords to yourself. — Lock confidential reports in a desk drawer when not in use. What Are Privacy and Data Sensitivity Levels? Data sensitivity levels are categories by which all data is classified according to its potential use and the degree of security and privacy it requires. Each data element is assigned to one of three categories: public data, private/confidential data, or sensitive data. These categories are defined in the Data Administration Guidelines for Institutional Data Resources as follows: — Public Data: Data with this security designation have no access restriction and may be released to the general public. — Private/Confidential Data: Data with this security designation are available to College employees who are required to access these data in the performance of their official College duties. Except when otherwise noted, all institutional data is designated as Private/Confidential. — Sensitive Data: Data with this security designation are available only to College employees who have obtained specific authorization for access. Sensitive data should never be released in a manner which would allow the data element values to be identified with a specific person or persons. September 2008 Access and Compliance Page 3 Information Misuse and Consequences To clarify your responsibilities, this section provides examples of how data might be misused, unintentionally or deliberately. It is important to note that these examples are representative and not intended to be an exhaustive list. Examples of Violations — Obtaining or attempting to obtain access to sensitive data not within the scope of one's College responsibilities. — Using information for personal benefit. — Releasing information in an inappropriate manner. — Using information inaccurately, conflicting with published, sanctioned College information or statistics. — Willful manipulation (i.e. adding, deleting, changing) of data without authorization. Consequences of Misuse The consequences of the misuse of information affect the violators, individuals, groups, and the College. Here is a list of possible consequences to: Individuals or Groups whose information is used inappropriately could/may experience: — Violation of privacy — Loss of opportunity or exclusion — Discrimination — Harrassment The College whose information is used inappropriately could/may experience: — Loss of state and/or federal funding — Lawsuits — Loss of faith and trust on the part of employees and students The Violators who use information inappropriately could/may experience: — Disciplinary action including fines, suspension, or dismissal — Loss of credibility — Lawsuit from the College or individuals September 2008 Access and Compliance Page 4