Purpose:
This policy defines the acceptable access to and archiving of data at Wilmington College. This policy establishes measures for the protection, access, and use of Wilmington College’s administrative (electronic or paper) data.
The College provides employees with the information they need to do their jobs. An employee will be granted privileges consistent with their job duties to access public, confidential, and private information about faculty, staff, students, alumni, and donors.
Definition of Administrative Data:
The College’s database consists of information critical to the success of Wilmington College as a whole. The database is shared data, managed within a conceptual framework.
Data may be digital text, graphics, images, sound, or video. Some examples of administrative data include employee salary information, student course grades, or vendor payments. Administrative data does not include personal electronic calendar information and other similar material.
Ownership:
Information maintained by Wilmington College is a vital asset that is made available to all employees who have a legitimate need for it, consistent with the College's obligation to preserve and protect such information by all appropriate means.
The College is the owner of all administrative data, and it expressly forbids the use of administrative data for any purposes other than those required to conduct the business of the College. This resource may only be used in a legal, ethical, and responsible manner. All administrative data, whether maintained in the central database or copied into other data systems, remain the property of the College and are governed by this policy statement.
Although individual offices, departments, or programs may have responsibilities for portions of the College’s administrative data, the College itself retains ownership and responsibility for the data.
All other data defined as non-administrative data are owned by the creator of the data.
Responsibility:
It is the responsibility of all employees to manage data in a professional and ethical manner. Employees with access to data which is owned or created by others must observe requirements for confidentiality and privacy, must comply with protection and control procedures, and must accurately present the data in any use. In addition, the College and its employees do comply with applicable state and federal laws and regulations.
The College expressly forbids the disclosure of unpublished administrative data or the distribution of such data in any medium, except as required by an employee’s job responsibilities.
In this context, disclosure means giving the data to persons not previously authorized to have any type of access to it. The College also forbids the use of any administrative data for one’s own personal gain or profit, for the personal gain or profit of others, or to satisfy personal curiosity.
Users will respect the confidentiality and privacy of individuals whose records they access, observe any ethical restrictions that apply to data they access, and abide by applicable laws and policies with respect to accessing, using, or disclosing information.
Confidentiality:
All data is to be treated as confidential. With the exception of processes identified in the sections to follow, data may not be viewed, modified, duplicated, or transmitted without appropriate consent of the owner of the data or by legal authority.
Authorized Access:
Access to data files is permitted by authorized employees of the Information Technology Department for the purposes of monitoring and backup, storage, and retention without the approval of the data owner. However, access to the specific contents of data files requires appropriate approval pursuant from the owner or a legal authority request. Access in any other manner is a violation of this policy. (As consistent with and covered by the Information Technology Policy ITP-01 (Administrative Data Access)).
Monitoring:
It is essential for authorized employees of the Information Technology Department to monitor resource utilization of the Wilmington College network, equipment, and data in order to provide a healthy computing environment for network users. While this activity may require accessing details about files in general, it is not permissible to access the contents of these files without appropriate authorization. (As consistent with and covered by the Information Technology Policy ITP-01 (Administrative Data Access)).
The Information Technology Department shall insure that a variety of security measures are in place. It shall maintain the central College database and ensure data security, integrity, and availability to all who have been granted access to it.
Backup, Storage, and Retention:
For security purposes, Wilmington College data files are backed up to prevent loss of data and to provide for the restoration of lost or damaged information. Central database system backup will be performed on a regular basis according to a predefined schedule and are stored in a secure location under secure conditions. This information is retained for specific periods of time as determined by the type of data being backed up. It may be necessary for authorized Information Technology employees to view the contents of the process in order to ensure the accuracy of the files being backed up. However, information contained in individual files must not be accessed unless an authorized request has been approved from the owner. (As consistent with and covered by the Information Technology Policy ITP-01 (Administrative Data Access)).
Violations:
Any member of the Wilmington College Community who violates this policy will be subject to the disciplinary process as outlined in the appropriate handbook. The College also reserves the right to advise appropriate legal officials of any illegal violations.