Purpose

The purpose of this Privacy and Confidentiality Policy is to educate users of their rights and responsibilities regarding confidential information. This policy applies to students, faculty, staff, and anyone else who has authorized access to Central College information including vendors, agents and service bureaus associated with the college.

Privacy and Confidentiality

Central College is the owner of the confidential information it collects. The college reserves the right to deny access to those who fail to use such information in accordance with this policy. Users must adhere to all applicable laws such as HIPPA, FERPA and GLBA and to all college policies. We expect all users to meet the highest standards of ethics and responsibility. Non-public personal information may only be used for specific limited purposes that enable us to serve our customers, and which are permitted by law. One’s use of confidential information must not infringe upon the rights of the Central community or other users.

The college is committed to protecting the privacy of its students, alumni, parents, faculty and staff. Students, faculty, staff and anyone else authorized to use Central College confidential information are responsible for reading, understanding and complying with this Privacy and Confidentiality Policy. Central strives to educate the community in responsible use and will respond when violations are pointed out. Questions regarding this policy should be directed to the chief information officer, information technology services (641-628-5427).

Secure Technology

Each individual is responsible for protecting his/her password for access to college resources and information. Each user is responsible for all actions taken and uses of computer systems made under that individual’s username. Faculty, staff, students and guests must not tell others their passwords, post them in visible areas, or otherwise communicate a password to anyone other than IT services personnel. (In special circumstances, staff members may be asked to tell their password to their immediate supervisor.) Users who have reason to believe that their password has been compromised must change it immediately.

Central College employs industry standard practices to keep non-public information as secure as possible. Despite this intention, it cannot assure members of the Central College community that their uses of college computing and communications resources will be completely private. Information and messages sent over the Internet can be intercepted in various ways. Therefore, users of Central College technology with access to the Internet cannot assume that information they send over the Internet will be or remain confidential and inaccessible to anyone other than the intended recipient. Information stored on college computing resources, or passed through college communications networks may be accessible to the public through public record laws, subpoenas, interception, “hacking” or other means.

In general, information stored on computers is considered confidential, whether protected by the computer operating system or not, unless the owner intentionally makes that information available to other groups or individuals. Central College will assume that computer users wish the information they store on campus local and shared computing resources to remain confidential. Similarly, privileged information on account usage (i.e., that available only to users with system privileges) will be held in confidence.

Employee Responsibility

Central College employees, and students working in campus offices, who because of their work have access to non-public (confidential) information about others must not disclose that information. Employees must protect from the view of visitors non-public information displayed on computer screens. Employees must agree to and observe the Employment Confidentiality Agreement and Confidentiality Policy as maintained by the human resources office.

Employees who access Central College non-public information from off campus, either through remote connection or by portable device, must take special precautions to ensure that information does not become accessible to others and that devices are not lost or stolen. When college computers are removed from service, IT services will completely erase all data and software from local storage drives before the computer leaves campus. If the computer will be reused, IT services may reinstall operating system software consistent with applicable license agreements.

Requests for disclosure of confidential information will be reviewed by the administrator of the information system involved. Such requests will be honored only when approved by authorized college officials or when required by state or federal law.

Website

The Central College websites provide Internet access to college information resources and external information sources that support teaching, learning, marketing and the administration of the college. Information is provided by the communications, IT services, the library, various administrative and academic departments, faculty, staff and students. The websites’ purposes are to enhance communication and learning and to help inform decision-making by providing current information.

Central College accepts no responsibility for content on servers not maintained by the college that are linked from pages on Central College's servers.

Social Media

The Central Communications Office will oversee Central’s presence on key social networking sites and shall evaluate whether to launch a presence on new sites as they become available.  All policies, procedures, and guidelines regarding college trademarks, names, and symbols apply to social networking sites.

Central College does not pre-screen posted content, but it has the right to remove, at its sole discretion, any content that it considers to violate this policy. Posted comments do not necessarily reflect the opinions or policies of the college.

Language that is illegal, obscene, defamatory, threatening, infringing of intellectual property rights, invasive of privacy, profane, libelous, threatening, harassing, abusive, hateful or embarrassing to any person or entity, or otherwise injurious or objectionable is unacceptable and shall be removed.

Online Payments

Payment information will be kept secure and confidential, and will not be shared with anyone or used for any purpose other than the purpose of this payment transaction.

College policy is not to issue refunds for online payments. However, for questions concerning payment or to inquire about a potential refund, please call 641-628-9000.

Red Flags Rule

The Federal Trade Commission issued the Red Flags Rule under sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACT Act), which amended the Fair Credit Reporting Act (FCRA). The rule requires “financial institutions” and “creditors” that hold “covered accounts” to develop and implement an identity theft prevention program for new and existing accounts. Download the complete Central College Red Flag document here.

Email

Email at Central College is a service provided to enhance communication regarding teaching, learning and the general operations of the college. Posting or sending personal, sensitive or confidential information about another person, including medical information about an employee or student, via any form of electronic communication is strictly forbidden.

Enforcement of Policies

Reporting: Members of the college community who believe they have witnessed or been a victim of a violation of any of the above policies should notify the chief information officer, an appropriate vice president, an immediate supervisor or the director of human resources.

Response to violations: Violation will result in action by the appropriate college office or agency. Such action may include, but is not limited to: permanent or temporary suspension of user privileges, deletion of files, disconnection from the Central College network, and referral to applicable student/faculty/staff disciplinary processes that could include suspension or dismissal. All potentially illegal activities may be reported to appropriate local, state or federal law enforcement agencies for investigation and prosecution.

Further Information

Questions regarding this policy should be directed to the chief information officer, 
information technology services (641-628-5427).

See the Central College Policy on the Acceptable Use of Information Technology for more information about HIPPA, FERPA, GLBA and other applicable laws, and for information about other Central College technology policies. 
Document version date: February 21, 2013