Jump over the site's section navigation.

1.10 Code of Responsibility for Security and Confidentiality of Data

Policy

Illinois State University has established the following policy to ensure the security, confidentiality, availability and integrity of University information.

Students, faculty, and/or staff have the right to review, inspect and challenge the accuracy of information kept by the institution unless this right is waived in writing. Information cannot be released in other than emergency situations without the written consent of the individual except in the following situations:

  1. To school officials, within the educational institution or local education agencies who have legitimate education interests.
  2. To authorized representative of 1) the Comptroller General of the United States, 2) the Secretary of Education, 3) state educational authorities, or 4) authorized representatives of the Attorney General for law enforcement purposes.
  3. To comply with a judicial order.
  4. In connection with the student’s application for and receipt of financial aid.
  5. In connection with accrediting organizations to carry out their accrediting functions.
  6. Where the information is classified as directory information. The following categories of information have been designated by the University as directory information: name, address (local, home, and electronic mail) telephone number, date and place of birth, major field of study, class, participation in officially recognized activities and sports, weight and height of members of the athletic teams, dates of attendance and course load status, candidacy for degree, degrees and awards received, the most recent previous educational agency or institution attended. Directory information for staff includes employment dates, position title, employing department, and address (campus, home, and electronic mail). Directory information in a public, published form may be distributed.

Any person authorized access to any information is:

  1. Not to make or permit unauthorized use of any information.
  2. Not to seek personal benefit or permit others to benefit personally by any confidential information which has come to them by virtue of their work assignment,
  3. Not to exhibit or divulge the contents of any record or report to any person except in the conduct of their work assignment and in accordance with University and office policies.
  4. Not to knowingly include or cause to be included in any record or report a false, inaccurate, or misleading entry.
  5. Not to remove any official record or report (or copy) from the office where it is kept except in performance of job responsibilities.
  6. To assure that the visual display devices will be protected from casual use or observation by unauthorized persons.
  7. To protect the confidentiality of sign-on procedures.
  8. To require proper identification before discussing information pertinent to the individual’s record.
  9. To ensure secure management of University resources.
  10. To ensure proper logging of requests to the University with the University General Counsel’s Office.

Further responsibilities with regard to university data, including restriction of Directory Information, are detailed in:

  • 1.1.9 Sanctions for Unauthorized Release of Protected Health Information
  • 2.1.1 Student Records
  • 9.2 Appropriate Use Policy (for technology resources)
  • 1.1.13 Use of Social Security Numbers by Illinois State University
  • 7.1.5 Freedom of Information Act

University Records

The University maintains data in a variety of forms. The primary Custodian of Records for the University is the President; the Office of General Counsel serves as the University's legal advisor. The Assistant to the President is the Freedom of Information Act Officer. The President has delegated responsibility to the Vice President for Academic Affairs and Provost for all academic records; the Vice President for Finance and Planning for all general administrative and fiscal records; and the Vice President for University Advancement for all foundation and alumni records maintained in accordance with applicable standards.

The President and Vice Presidents further delegate the responsibility for defining, managing, and granting access to University records and data to various administrative “Data Custodians.” The Data Custodian for any set of University data is that person given executive responsibility for defining, managing, and granting access to any given set of University records, in paper or electronic form. A current list of key campus data custodians is found at The Office of General Counsel web site.

Questions concerning the University’s policy regarding release of information may be directed to: for general administrative and fiscal records, the Office of the Vice President for Finance and Planning or, for all academic records, the Office of Vice President and Provost. For requests of student’s transcripts or verifications, contact the Office of University Registrar. For employment records and verification, contact Human Resources. Subpoenas, court orders, and Freedom of Information Act requests (Refer to 7.1.5 Freedom of Information Act Implementation Rules) should be referred to the Assistant to the President, 309-438-5677.

Initiating body: Office of General Counsel

Contact: Office of General Counsel (309-438-8999)

Revised on: 03/2007


2016-08-04T10:47:45.278-05:00 2016
©