Privacy and Security Practices for Internal Communication of College Data
Swarthmore College offices frequently need to communicate with each other about individual students, employees, or others, as part of their work. The College must ensure that these communications occur in a way that protects the information shared. In 2020-21 a Project Working Group on Privacy/Security Practices for Internal Communications developed recommendations aimed at balancing the privacy requirements for communicated information and the need for efficient interactions among employees of the College. These recommendations were discussed and approved by the Data Governance Committee in February 2021.
There is not a single best practice, as the approach depends on the nature of the data, but offices are expected to use the most secure approach possible given their situation:
- Use third-party software that is licensed through Swarthmore (e.g. Banner, Medicat, Titanium, etc.) directly rather than passing data through other means, if both parties have direct access.
- Use Swarthmore Google Drive/ AODocs to share documents or sheets via restricted links, after checking or testing the accuracy of the share recipients. Telephone or email communications can direct the other party to the existing file without including data.
- Use Swarthmore Gmail account, with documents attached. Because of the risk of incorrectly addressing an email (and the inability to “unshare” an email), this should be done with extreme caution, and only with less sensitive data. Using a password known to both parties to protect the file is an added protection.
- Use Swarthmore Gmail account, with data in the email itself. This might be an option with less sensitive data reflecting only a small number of individuals, but using IDs and initials rather than names is recommended as offering additional protection.
As is described in other College privacy and security-related policies, users should always ensure that telephone communications cannot be overheard, and email or other electronic communications or access to data cannot be viewed by others nearby.
As software is evolving, users may consider other College-supported channels of communication (e.g. Google Rooms), being mindful of the goal of minimizing the risk of accidental exposure to unintended recipients.