Privacy and Security of Confidential Information
Protecting personal privacy and maintaining confidentiality of personal information has always been a high priority of the College. The government, with the Gramm-Leach-Bliley Act of 2000 (GLB), mandated that financial institutions safeguard the security and confidentiality of customer information. A follow-up action by the Federal Trade Commission (FTC) ruled that GLB applies to higher education institutions.
The College's formal Information Security Plan can be obtained from the Finance Department or viewed at http://www.swarthmore.edu/informationsecurity.xm
The Information Security Plan is designed to ensure the security, integrity, and confidentiality of non-public customer information, protecting it against anticipated threats and guarding it against unauthorized access or use. The College's policies are reviewed annually, and the designated GLB Security Program Officers for the College are the Vice President for Finance and Treasurer, and the Registrar. All correspondence and inquiries about the College Information Security Plan should be directed to these Officers.
College employees are responsible for securing confidential information used in the execution of their duties and for following any additional departmental privacy and security procedures. The College's GLB Information Security Plan and departmental policies include measures to safeguard physical and electronic records and address the need for constant attention to privacy and security when using non-public information. Supervisors are expected to provide training for all staff and volunteers on the privacy and security procedures for their department.
Information that must be safeguarded includes "any record containing non public information about a student, employee, alumni or any other third party engaged in a financial transaction with the College". The information to be protected may be in paper, electronic or other forms. Typical examples of protected information include financial information, academic records and employee personal information. Each department will ensure that third-party service providers maintain appropriate safeguards for non-public information to which they have access. Contracts with service providers must include specific provisions to secure the privacy and security of information according to the GLB.
All confidential material should be kept in secure locations using locked filing cabinets or offices with locked doors. Employees should turn off their computers, lock offices and secure data when leaving their work area for an extended period of time. An employee who is unsure whether their actions comply with the College Information Security Plan should consult with their supervisor. An employee failing to comply with the security policies of the College could be subject to disciplinary action up to and including dismissal and legal action for personal liability.