Information Safety

College Records and Information Management

The College maintains a records and information management program to assist its members to create, maintain, and manage records, and eventually dispose of those records which are no longer needed or valuable to the College. It develops institution-wide schedules that define minimum retention periods and disposition guidelines and incorporate the legal, administrative, audit, and historical values of the records and information.

Purpose

This policy establishes a records and information management program and implementation framework for the College to support efficient administrative processes, ensure compliance with legal requirements, safeguard documents of enduring value, and maintain accountability.

Application

This policy applies to all units of the College.

Responsibilities

  • Personnel: Follow the College retention schedules to manage records. Properly dispose of information that has met the retention period.
  • Units: Retain records according to the retention schedule, forwarding records to the archives when applicable, and properly dispose of information that has met the retention period.

Definitions

“Archives” shall mean the repository for the College’s valuable historical documents, collections, data, photographs, publications, and websites. It serves as the institutional memory of the College by acquiring and maintaining records of enduring value that chronicle the process of the College’s development.

“Records” shall mean, as defined by the International Organization for Standardization, “information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business.” Records can take any form, including but not limited to: written and printed matter, drawings, maps, plans, photographs; microforms; motion picture films, sound and video recordings; and electronic data.

  • “Confidential records” is a classification meaning that due to legal regulations or other compelling concerns, these records must be protected from unauthorized disclosure or transmission.
  • “Drafts and working files” are preliminary versions of records. They may be kept as long as administratively useful, but should normally not be retained longer than the official record copy (except for specific cases such as audit working papers).
  • “Duplicate records” may be created for the convenience of other departments, offices, or employees.
  • “Official records” are in a final form and have been authenticated by the authorized party for business application.

“Retention schedules” shall mean the plans listing the types of records, the retention period for each record type and the reason for retention, and, if applicable, the appropriate mode of disposition (trash/recycle, secure shred, or transfer to archives).

Use of College Information Technology Resources

The College provides information technology (IT) resources to support its goals of teaching and learning, scholarship and creative activities, and service. Only College faculty and staff, students, and other persons who have received permission under the appropriate College authority are authorized users of the College’s IT resources.

Use of College IT resources is limited to work and learning that is related to the College. However, incidental and occasional personal use of the resources may occur when such use is not in violation of any College policies or laws.

Information Security

The College operates an ongoing Information Security Program (“ISP”) to safeguard the confidentiality, integrity, and availability of College records and the security of College information systems.

The College has designated the Provost as its ISP Coordinator.

The ISP Coordinator(s) will oversee and coordinate with the appropriate personnel to do the following:

  • identify and assess external and internal risks to the security, confidentiality, and integrity of covered information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other mishandling of such information.
  • design and implement safeguards, as needed, to control the risks identified in assessments. These safeguards shall include technical measures and procedures for preventing, detecting, and responding to intrusions, misuse, and other system failures. These safeguards shall also include training of staff in proper handling of covered information.
  • develop and incorporate requirements for service providers to implement and maintain appropriate safeguards for covered information.
  • evaluate and adjust the ISP as needed.

The ISP documentation may incorporate by reference related policies and procedures that the College has implemented in the letter or spirit of federal and state information privacy and security laws and regulations, including but not limited to: FERPA, HIPAA, GLBA, FACT Act, and FTC regulations.

“Covered information” shall mean any record maintained by the College containing “nonpublic personal information” about a student or other third party who has a continuing relationship with the College, where such information is obtained in connection with the provision of a service or product by the College.

“Customers” shall mean students, employees, alumni, and any other third party engaged in a financial transaction with the College.

“Financial institution,” as defined in the GLBA, means any institution engaging in the financial activities enumerated under the Bank Holding Company Act of 1956, including “making, acquiring, brokering, or servicing loans” and “collection agency services.”

“Information Technology (IT) Resources” shall mean all tangible and intangible computing and network assets provided by the College or by authorized third parties, regardless of whether those resources or assets are accessed from on-campus or off-campus locations or via devices, e.g., hardware, software, wired and wireless network and voice telecommunications assets and related bandwidth, desktop computers, tablets and phones, and printers.

“Privacy” shall mean a personal right that reflects an individual’s freedom from intrusion. Protecting privacy means ensuring that information about individuals is not disclosed to unauthorized parties without the individual’s consent.

Intellectual Property

This policy addresses the rights of intellectual property produced by members of the College community.

Guiding Principles

The College encourages the creation and wide dissemination of creative works, knowledge, new ideas, inventions, and educational materials. The College wishes to provide recognition to individual creators for their works and inventions. Generally, the College will claim an ownership interest in intellectual property in which it has an identity or functional interest or which is produced with substantial College resources beyond those customarily provided.

Definitions

“Copyright” shall mean the rights granted by federal law to the owner of a copyright in a work to do and to authorize (others to do) any of the following: to reproduce the copyrighted work; to prepare derivative works based upon the copyrighted work; to distribute copies or phonorecords of the copyrighted work; to perform certain copyrighted works publicly; to display certain copyrighted works publicly; and to perform sound recordings publicly by means of a digital transmission.

“Intellectual property (IP)” shall mean a work or invention that is the result of creativity, to which law allows various ownership rights so that the creators have incentive to develop and disseminate those creations, e.g., copyrights, patents.

“Work,” for copyright purposes, shall mean a work protected under United States copyright law (from U.S. Code, Chapter 17, §102: “copyright protection subsists … in original works of authorship fixed in any tangible medium of expression, now known or later developed, from which they can be perceived, reproduced or otherwise communicated, either directly or with the aid of a machine or device.”)

Copyright Ownership

  1. Ownership of Academic Works. Faculty and staff, and students shall own the copyright in the scholarly, pedagogical, and creative works they create, except for those works described just below in this section, or unless otherwise provided in a written agreement between the creator(s) and the College.

  2. College Ownership. The College shall own the copyright in the following works created by College faculty and staff, or students, acting individually or jointly with others: works created by faculty or staff acting within the scope of their work duties, except for academic works created and owned by faculty under this policy; works agreed upon between the College and faculty/staff creator(s), the creation of which is based on a specific request by the College and which is supported by substantial College resources beyond those customarily provided to faculty and staff; works specially ordered or commissioned by the College and for which the College has agreed, in writing, to specially compensate or provide other support to the creator(s); works created in connection with the administration of the College; and works created under an outside sponsored project that provides College ownership of the copyright in the works.

  3. Ownership under Outside Sponsored Agreements. The ownership of copyright in works created under an agreement with an outside sponsor shall be determined consistent with the terms of the agreement and applicable law.

  4. Works Created by Independent Contractors. Copyright ownership in works created by independent contractors shall be determined consistent with applicable law and the contract between the College and the independent contractor.

College Policies  ›  Information Safety