1.10 Code of Responsibility for Security and Confidentiality of Data
Illinois State University has established the
following policy to ensure the security, confidentiality,
availability and integrity of University information.
Students, faculty, and/or staff have the right to
review, inspect and challenge the accuracy of information
kept by the institution unless this right is waived in
writing. Information cannot be released in other than
emergency situations without the written consent of the
individual except in the following situations:
- To school officials, within the educational institution or
local education agencies who have legitimate education
- To authorized representative of 1) the Comptroller General
of the United States, 2) the Secretary of Education, 3)
state educational authorities, or 4) authorized
representatives of the Attorney General for law enforcement
- To comply with a judicial order.
- In connection with the student’s application for and receipt of financial aid.
- In connection with accrediting organizations to carry out their accrediting functions.
- Where the information is classified as directory
information. The following categories of information have
been designated by the University as directory information:
name, address (local, home, and electronic mail) telephone
number, date and place of birth, major field of study,
class, participation in officially recognized activities
and sports, weight and height of members of the athletic
teams, dates of attendance and course load status,
candidacy for degree, degrees and awards received, the most
recent previous educational agency or institution
attended. Directory information for staff includes
employment dates, position title, employing department, and
address (campus, home, and electronic mail). Directory
information in a public, published form may be distributed.
Any person authorized access to any information is:
- Not to make or permit unauthorized use of any information.
- Not to seek personal benefit or permit others
to benefit personally by any confidential information which
has come to them by virtue of their work assignment,
- Not to exhibit or divulge the contents of any
record or report to any person except in the conduct of
their work assignment and in accordance with University and
- Not to knowingly include or cause to be
included in any record or report a false,
inaccurate, or misleading entry.
- Not to remove any official record or report
(or copy) from the office where it is kept except in performance of
- To assure that the visual display devices will
be protected from casual use or observation by
- To protect the confidentiality of sign-on procedures.
- To require proper identification before discussing information pertinent to the individual’s record.
- To ensure secure management of University resources.
- To ensure proper logging of requests to the University with the University General Counsel’s Office.
Further responsibilities with regard to university
data, including restriction of Directory Information, are
- 1.1.9 Sanctions for Unauthorized Release of Protected Health Information
- 2.1.1 Student Records
- 9.2 Appropriate Use Policy (for technology resources)
- 1.1.13 Use of Social Security Numbers by Illinois State University
- 7.1.5 Freedom of Information Act
The University maintains data in a variety of
forms. The primary Custodian of Records for the University
is the President; the Office of General Counsel serves as
the University's legal advisor. The Assistant to the President is
the Freedom of Information Act Officer. The President has delegated
responsibility to the Vice President for Academic Affairs
and Provost for all academic records; the Vice President
for Finance and Planning for all general administrative and
fiscal records; and the Vice President for University
Advancement for all foundation and alumni records
maintained in accordance with applicable standards.
The President and Vice Presidents further delegate
the responsibility for defining, managing, and granting
access to University records and data to various administrative
“Data Custodians.” The Data Custodian for any set of
University data is that person given executive
responsibility for defining, managing, and granting access
to any given set of University records, in paper or electronic form.
A current list of key campus data custodians is found at The Office of General Counsel web site.
Questions concerning the University’s policy regarding
release of information may be directed to: for
general administrative and fiscal records, the Office of the
Vice President for Finance and Planning or, for all academic
records, the Office of Vice President and Provost. For
requests of student’s transcripts or verifications, contact
the Office of University Registrar. For employment records
and verification, contact Human Resources. Subpoenas, court
orders, and Freedom of Information Act requests (Refer to
7.1.5 Freedom of Information Act Implementation Rules) should
be referred to the Assistant to the President, 309-438-5677.