We have had discussions about adding text and it was declined as an option. From lack of security to simple carelessness with mobile devices this potentially opens the school to unnecessary risk.
Human Resources plays a critical role in our business. They ensure our new employees receive proper training as it relates to internal/school policies and procedures. HR also ensures we follow federal and state regulations as it relates to employees (e.g., meal breaks, compensation, work hours).
Information and security is critical, we need to maintain a compliant culture in all the business areas, but one of the most critical areas is definitely information and security
Information security is very important. We were using a specific type of firewall that is very effective but still got a ransomware through email that ane mployee inadvertantly downloaded which caused a lot of problems. We were ultimately able to retrieve all data without a loss (and no loss of security of data) but it gave us a specific situation that brought to the forefront the need to do duplicate documentation, not just electronic, but paper storage as well. We have an outside IT vendor who is in charge of checking our information security and back up system, however after this situation occurred we implemented a second check point. We now havea second company routinely check our primary IT company's checks to insure that they were being compliant, rather than just trusting them that they were.
Information security is an important and tricky area for adhering to compliance standards particularly for state funded institutions. At my last school which was state funded all email communications were considered to be open for review under the sunshine law. If, however at anytime you needed to share information about a student this transparency regulation can become a conflict of FERPA if more than directory information is share via email. Because of this potential conflict it is important that all employees are aware of and comply with information security regulations.
Johanna,
You bring up a great point about the operational challenges when regulations are in conflict. This is another area where awareness is critical to assess the best path to ensure "doing the right thing" when a decision must be made on how to address circumstances within compliance guidelines.
Traci Lee
By ensuring compliance in you marketing materials the institution is creating a culture that is consistent with the organizations mission therefore fostering and setting a standard for complete and continuous compliance. This is critical because this material is not only what attracts your prospective students but also your future employees.
Shannon,
You bring up a good point about the impact not only on prospective students but, also prospective employees. It certainly does impact the culture since this is often the "first thing" individuals read about an institution.
Traci Lee
Being in the Health Field, I see information security as a core foundation (and similar to HIPPA, in the medical field) and guarding student information, as well as organizational, and faculty information are all very crutial to keeping the instition ongoing. If there is a breach or inadequate measures in place to keep infomation secure, this is a negative reflection on integrity and as a result loss of trust or reliability of the institution's ability to be reputable and professional. I feel information security is a basic, and if it is not there or is not at it's peak, the institution is compromised on all levels.
Erica,
Great topic and the alignment with HIPAA is a good comparison that almost anyone can relate to due to the sensitivity of information.
Traci Lee
We are an online school, so not many document are printed - just documents such as Enrollment Agreements. However, Information Security is very important for us too. How is student information secured electronically? We use dropbox to share specific folders and also communicate by e-mail. Is there a manual that explains how information must be secured electronically? Additionally, where can I see what Florida's guidelines are for who can access student records? I would like to send this information to all administrative and teaching staff to endure that everyone is in compliance and no one releases information that is confidential. Currently, student application records are accessible by the Registrar, Dean, and Director. No one else. Is that compliant with Florida State law? Thank you.
Chana,
There are various references within the CIE rules that reference guidelines on handling student records. Here is a link to those regulations. http://www.fldoe.org/cie/pdf/chapter6E_rules.pdf There are also federal guidelines that should be considered under FERPA provisions. There are many references to this which can be found at http://www2.ed.gov/policy/gen/guid/fpco/index.html. I realize this is a lot of information to sort through but it sounded like you were interested in more details. These resources have links to information for various audiences and also an FAQ section where you may find specific answers to certain questions.
Traci Lee
I believe Information Security is very critical for both the student and the employee. Many individuals are not aware of some of the important personal items, such as social security numbers, address, and other identifying data can be detrimental to an individual if that information is seen or take by others.
Amber,
There is a lot of attention on this right now with retail outlets which may not have established such protections. The level of such threats seems to increase with increasingly more sophisticated means for penetrating methods designed to secure data.
Traci Lee
I would have to identify marketing as being very critical to creating a compliant culture in an organization. Marketing is something the public views on a normal basis and is huge draw for new students and the event of being out of compliance marketing wise could mean all initiatives being pulled. This could cause a lot of negative effects such as a drop in student enrollment, not to mention a very publicly visible in-compliance that could set a negative the tone for the organization. While all other areas are just as critical, it is important to maintain a compliant and positive relationship with the public because not only does the public have access to our marketing on a daily basis, so do our regulators. A violation could cause an unexpected additional audit.
Juan,
I am glad to see someone focus on the marketing element of compliance since so many of the regulations emphasize accuracy and transparency in such communications.
Traci Lee
when marketing in the school business there is specific language that can and can not be used by different regulatory agencies. Its always good to understand those rules and have a means to verify rules are being met.
Information security is an important issue. Instructors like sharing information with the students. To prevent copyright issues occurring everything the instructors want to copy must be approved by the education department.
FERBA education is another challenge for us. FERBA is a part of the new faculty orientation program. I feel we need to have a release form signed by the students before classes begin giving permission to release their information especially to parent's who are paying for their education.
Parents today aren't always educated about FERBA and it causes some heated discussions on the parents part.
Michaela,
It's difficult for parents supporting their children's college education to be restricted on obtaining information without their child's consent. Some schools have the student sign the release during the enrollment and financial aid process which may be a better time to get such consent. Later, after a student has started, or even during orientation when many schools collect such paperwork, the student may be less inclined to do so. FERPA guidelines at least provide the structure to balance security and privacy with ability to share information properly.
Traci Lee
