Procedure 5.6.4: Confidentiality and Security of Student Information for Business Office

Effective Date: Tue, Aug 12, 2008

The HCC Business Office complies with the Confidentiality and Security of Student Information Policy by implementing the following operational procedures. The Business Office also complies with the campus-wide Procedure for Confidentiality and Security of Student Information.

Accessing Student Information

  1. Student information can only be accessed by appropriate HCC Business Office personnel.

Collecting Student Information

  1. Student records are accessible through the college operating system and AIG system.
  2. Additional information is received directly from the student and from sponsors.

Distributing Student Information

  1. Email communication cannot include the following student information: birthdates, social security numbers or confidential information. All e-mail correspondence to and from Haywood Community College email addresses are subject to the North Carolina Public Records Law (G. S. 132.1- G. S. 132.10), which may result in monitoring and disclosure to third parties, including law enforcement.
  2. When sponsors are invoiced for student charges, the Student Colleague ID number is on the statement.

Processing Student Information

  1. Hardcopies of any student information are placed in a folder in a locked file cabinet in the Business Office.

Protecting Student Information

  1. Student Information is restricted and housed in networks accessible only by appropriate personnel; confidential student information is not stored on desktop hard drives or laptops.

Storing Student Information

  1. All hard copies of student records are kept in locked cabinets in Business Office.
  2. All digital records are stored on a server in the 200 Building Technology Office
  3. Security and confidentiality protocol for digital records follow the campus wide procedure for security and confidentiality of student information.

Using Student Information

  1. As part of the NC Community College System, HCC implemented Colleague operating system in 2006. As part of that system, student ID’s are generated for use instead of the social security number or birth date. The student ID is used in all communications regarding students, such as reports, internally. The social security and birth dates are used only for bad debt collection with the set-off debt process, which have to be verified at the receiving institution, as the student ID only applies to HCC student records.
  2. Access is provided to HCC personnel based on need to know.

Transmitting Student Information

  1. Pertinent information, such as receipt copies, is provided directly to the student in person or by US Postal Service. No information is provided to any other person without the direct consent of the student, per FERPA laws. Confidential information is not transmitted through email.

Disposing of Student Information

  1. All documents containing student information are shredded as the NCCCS retention schedule allows.

Business Continuity

  1. Business Office has on file a process for continuation of business in case of interruption
  2. This process is articulated in HCC’s Business Continuity Plan.

Responsibility for Security and Confidentiality of Student Information and Records

  1. The Executive Director of Business Operations and the Executive Director of Technology and Instructional Support are responsible for the security and confidentiality of student information and records with regard to the Business Office functions.
Up one level