Administrative Data Use
St. Olaf College uses access controls and other security measures to protect the confidentiality, integrity, and availability of the college’s data and information. Data and information can be stored and transmitted in a variety of ways, including but not limited to computer files stored on desktop computers, CD’s, servers, portable electronic storage devices, paper files, audio or video files, telephone calls, and verbal communications. The College is the owner of all administrative data although the individual units or departments may have stewardship responsibilities for portions of that data.
The use of any St. Olaf College data and information, in any format, for anything beyond the operation of the college is strictly forbidden. Unacceptable uses includes sharing the data with groups, organizations, or activities that are not college-sponsored or college-approved, use of data for personal gain, use of data to satisfy personal curiosity, removing data or reports from the campus except in the required performance of college duties, or use by individuals outside of their normal job responsibilities.
St. Olaf classifies data into three categories:
Protected. This data is protected under state and federal regulations such as FERPA, HIPPA, Graham-Leach-Bliley, and others. Data elements in this group include, but are not limited to, social security numbers, student ID numbers, credit card numbers, medical information, bank account numbers, grades, date and/or location of birth, drivers license information, ACH (automated clearing house) numbers, tax return information, credit rating, income history, loan payment history, passport information, coursework, etc. See Appendix A for a more complete listing of protected data elements.
Confidential. This data is not protected under state and federal regulations but the college has determined that this information should be held private. This data may include promotion materials, salary, employee ID numbers, review files, etc. Appendix A contains a more complete list of data elements the college has classified as confidential.
General College Data. This data pertains to the operation of the college and use is not restricted. See Appendix A for student information classified as public directory information.
Individuals wishing to access or use college data must request such access through the "data custodian" for that particular data set. Each office, department, or division that maintains core college data (protected, confidential or general) is responsible for assigning one or more individuals to serve as data custodians. These data custodians are responsible for managing the use, access, archiving, and sharing of the data to ensure that it is properly handled within their office area and by those that are granted access to the data.
Individuals who are given rights to access or use college data are responsible for maintaining the privacy of protected and confidential data and must agree to abide by any college policies and state or federal laws and regulations governing such data. Individuals may be required to take training on FERPA, HIPPA, GLBA, etc. prior to getting access to those data elements.
In order to maintain the security of the college’s data and information the college retains the authority to:
- restrict or revoke any user's privileges,
- inspect, copy, remove, or otherwise alter any data, program, or other system resource that may undermine these objectives, and
- take any other steps deemed necessary to manage and protect its information systems and the data and information held within those systems.
This authority may be exercised with or without notice to the involved users. St. Olaf College disclaims any responsibility for loss or damage to data or software that results from its efforts to meet these security objectives.
(IIT, August, 2006)