Information Security and subsequent issues of retention and copyright are very much hot topics right now. It is particularly important to schools, as not only can schools, school staff and administrators and students perpetrate crimes in dealing with information. If however, a school is upfront, educates and discusses with staff and students these issues,then we are creating a compliant culture in our organization. For example, on the topic of copyright we can discuss issues of textbooks and photocopying, proper citation methods versus unintentionally committing plagiarism.
In terms of information security, it is critical to have a compliant culture because of how quickly information can be stolen and used to the detriment of the person with the revelant information. Making sure a student's information is paramount to maintaining a good reputation in the community, trust, and of course, not being in legal trouble.
Andra,
I agree that information security ranks increasingly higher with the migration to electronic formats for record keeping.
Traci Lee
I believe the security information is a very important, for the reason that it is the privacy of the students, and we can avoid any kind of fraud or identity theft.
Ricardo,
This is certainly a hot topic in today's day and age.
Traci Lee
Human Resources is an area in which, if strict compliance is not followed, an organization can quickly become mired in adverse legal actions. One of the most common has become the use of exempt status. Misclassification of an employee can result in lawsuits under the FSLA, as well as state actions regarding the payment of overtime, if any was worked. In addition to substantial financial penalties, a school may also find itself subject to further scrutiny by regulatory agencies.
Different positions within an organization require special qualifications, for instance the level of education needed for a teaching position. But it is the role of HR to be able to document the qualifications to the satisfaction of accrediting and governmental agencies.
Of special concern is Admissions, with the prohibition against incentivizing enrollment outcomes. HR should maintain good records to demonstrate that compensation was not based in any way on enrollment numbers.
This is an old post - but it's absolutely true, especially with regard to shredding old records. When paperwork containing student (or personnel) names, addresses, SS #s, or ID'S is simply tossed, this is fodder for identity thieves. Instead, any paperwork with this type of information, if it is to be discarded, must be shredded - and all employees must be aware of this requirement.
Nyssa,
This is an important topic - thanks for your post that references key areas for HR compliance - especially FSLA status which is certainly an area where some schools have faced consequences. I have seen schools take various approaches on monitoring enrollment staff due to the changes with the elimination of safe harbors. It will be interesting to see how schools do with this over time to see what emerges as best practices.
Traci Lee
Information security is very important to any business. When dealing with ss#, tax information etc we must shred it right away and not leave it for others (students)to see. If students see if we are careless about their personal informantion than how can they trust us. Than we are not following any of the guidelines giving to us from federal, state and local goverment.
I like the information security info. So important in our business. This is one area that can quickley get out of hand if no regulatory guide lines are in place. Many of our students are still living at home and it's tough for mom and dad to accept the fact that, even though you are paying the tuition, we still need to have permission to give them information. It's important that everyone in the organization be on the same page and follow the regs. This will keep the company compliant.
In today's world, compliance in all of these business areas are critical.
All too often we see identity theft coming from obscure sources and we, as the gatekeepers of our student information, have a tremendouse responsibility to ensuring that their personal information is safe.
While much of this safeguarding does seem to be common sense it is good to learn that such specific rules and requirements do exist.
I agree that many of my employees do not recognize the importance of confidentiality with driver’s license, Social Security numbers and high school/college transcripts or even items such as note paper, faxes and other items that contain student information. I’m currently working with all staff personnel on ensuring we are destroying and safeguarding this type of information. This will eliminate the opportunity for anything to fall in the wrong hands.
Ralph,
It's a good reminder to all about the sensitivity of such information. It is easy to get so focused on our tasks at hand and walk away from our desks which contain such personal information.
Traci Lee
Our campus does utilize an outside service to shred confidential information. All confidential information is stored in a locked bin, and the service shreds on a routine basis. In addition to this "common bin," we do have shredders in located in our financial aid office as well as our student accounts department.
All of these areas are important, although safeguarding Information is critical to the school and most importantly to the students.
Lisa,
Great to have both as I have seen some schools be diligent in using the "big bins" for high volume and then be more lax with single sheets. Having small local shredders further encourages that EVERY sensitive document is properly shred.
Traci Lee
Selecting one of the business areas covered – marketing, human resources, or information security, describe how critical the business function is to creating a compliant culture in an organization.
Working at a public community college and surviving the last few years with the surge of students we experienced (45% increase) each and every department on campus was forced to revamp and streamline processes and procedures. We found that our old ways of doing things would NOT work in the new market place of students. HR was stress and forced to hire more part time instructors than at any other time in the college’s history. Every department found a way to make it better for staff and for students. Our process is now top notch and our college enrollment has flat lined, but we are all working more efficiently than at any time in the past.
Information Security is the biggest issue we all have in this tech-savvy society we are living in. Coming from 29 years in the data center operations, I see things that make me crazy every day in the education environment. I see instructors leaving student's papers, tests out in the open on their desks. This is a problem. As instructors we do not know who is on the cleaning crews, other faculty and so forth who may pass by our desks when we are not present. The biggest problem for me is having someone walk away from their computer and not lock the screen. I realize that it is a pain to have to re-sign in with our passwords, but the one thing I try to impress on someone is that you do not know who is walking by your desk. If you have left for lunch, your computer is unlocked then someone could potentially send an email to the president of the college that was very unflattering. Problem is, 1) was sent from your computer, 2) was sent under your login 3) regardless if 3 people saw you leave for lunch, it will be nearly impossible to prove it was not you who sent the email unless there is a surveillance system in place to track your movements. Of course that is only if the person sending the email wanted to get back at the person who left for lunch. Many times the person is also logged into the SIS and this leaves the students' files open to attack. While some of us have minimal permissions on the SIS, others have full access. Most places have automatic screen lock after being idle for so many minutes, but that does not help when you are not sitting at your desk during that idle time. I guess my whole point is to reduce the opportunity.
In order to create a compliant culture, at my previous job there were people who purposely wandered through the facility looking for computers which were open. They would then bring up Microsoft Word, type in a new document: "You are non-compliant... lock your computer when you leave your desk". It was logged who it was and the station unlocked. After the second time it was reported to their supervisor who was then charged with following up with the employee. I realize this is a bit dramatic, but I worked in a research facility where it was absolutely necessary to keep security. It generally only took the first time for people to remember to lock their computer.
it is very important to creat compliance in the area of information security because the students are intrusted the institution with their personnal info such as social security card and driver's license. The institution must do everything possible to protect that person identity.
Jose,
Agreed - FERPA is a major area of focus given the emphasis on privacy rules and identify theft risks.
Traci Lee
