2021-2022 Administrative Policy Manual

Apr 20, 2024

HELP

2021-2022 Administrative Policy Manual [ARCHIVED COPY]

Section 10 - Information, Records, and Publications

10.1 Publicity
10.2 Publications
10.3 Media Relations
10.4 Records Retention
10.8 Data Management and Classification

10.9 Student Records Management and Security Policy
10.50.1 GGC Brand Policy
10.60 Open Records

10.1 Publicity

Reviewed May 26, 2016

See Board of Regents Policy Manual Section 10.1.

10.2 Publications

Reviewed May 26, 2016

See Board of Regents Policy Manual Section 10.2.

10.2.1 The System Supplement

Reviewed May 26, 2016

See Board of Regents Policy Manual Section 10.2.1.

10.2.2 Institutional Publications

Reviewed May 26, 2016

See Board of Regents Policy Manual Section 10.2.2.

All publications, including bulletins, annuals, magazines, etc., published either by students, faculty, or staff of Georgia Gwinnett College (GGC) shall be published only under proper supervision and authority of the President of GGC and adhere to the graphic standards of the institution as outlined in APM 10.50.1 GGC Brand Policy. All financial contracts pertaining to such publications shall be approved by the President or his/her designated representative. The official publication of Georgia Gwinnett College shall be ENGAGE magazine, and it shall be published three times annually in the Office of Public Relations and will contain no paid advertisements/sponsorships.

10.2.3 Publishing Notices of Charges

Reviewed May 26, 2016

See Board of Regents Policy Manual Section 10.2.3

All catalogues, college bulletins, or other publications issued by Georgia Gwinnett College shall contain the following provision printed in boldface type: “All tuition, fees, or other charges are subject to change at the end of any academic term.”

10.2.4 Digital Communications Policy

Reviewed May 26, 2016

10.2.4.1 GGC Website

Reviewed May 26, 2016

The public website is instrumental in serving the communications needs of GGC’s diverse audiences including prospective students, family and friends, current students, faculty and staff, donors, and the community. Working in concert with print and other digital communication tools, including social media, the public website represents the College and serves to reinforce the College’s brand and to positively engage audiences with the College.

The GGC website, as pertaining to this policy, is defined as the public website its content (text, images, downloadable documents, feeds, video, etc.), and third-party sites that can be accessed through the public website, including, but not limited to Claw Link, Get Involved, HireTouch and MyGGC.

GGC website content located in the central content management system (CMS) inherits the approved GGC website design determined by strategic branding attributes outlined in APM 10.50.1 GGC Brand Policy and should adhere to the guidelines outlined in the GGC Digital Communications Guide posted at the Strategic Communications and Positioning (SCP) webpage. Content in the CMS is managed by the Office of Digital Communications.

10.2.4.1.1 Design

Reviewed May 26, 2016

GGC website content located in the central content management system (CMS) inherits the approved GGC website design, including the exterior framework and interior colors, fonts and images, and is maintained by the Office of Digital Communications.

All GGC digital design elements should adhere to APM 10.50.1 GGC Brand Policy.

10.2.4.1.2 Graphics

Reviewed May 26, 2016

GGC websites and publications should display an approved GGC logo and demonstrate a professional appearance in keeping with the College’s style and brand. Use of GGC logos and trademarked graphics should adhere to APM 10.50.1 GGC Brand Policy.

10.2.4.1.3 Content

Reviewed May 26, 2016

Information representing the College should be relevant, accurate, accessible (Section 508 compliant), current and approved. Information includes, but is not limited to, body text, announcements, photos, captions, videos and graphics.

It is the responsibility of the division or unit (and their representative content or social media managers) to ensure accuracy of all submitted content for posting to digital communication channels. Additionally, when quoting thoughts, ideas, photos or videos, include citations and/or provide links to original material.

All content should adhere to any copyright laws. For more information on copyright laws, plagiarism, citations and intellectual property, visit the GGC Library’s libguides.

See APM 11.60 Electronic and Information Technology Accessibility Policy .

10.2.4.1.3.1 Questionable Content

Reviewed May 26, 2016

Some forms of content are not allowed in any form except when produced as an educational asset. Content, whether in text, imagery or multimedia form, falling into this category or considered to be in “poor taste” may not be approved for the site.

Examples of some questionable content include, but are not limited to, those listed in the GGC Digital Communications Guide.

10.2.4.1.3.2 Images

Reviewed May 26, 2016

Imagery, including photography, should be accessible (Section 508 compliant) and an accurate and appropriate representation of GGC. Imagery must also adhere to APM 10.50.1 GGC Brand Policy and meet the digital requirements outlined in the GGC Digital Communications Guide.

10.2.4.1.3.3 Accessibility

Reviewed May 26, 2016

The GGC website [see definition, APM 10.2.4.1 GGC Website] falls within the scope of websites that are required by federal law to comply with Section 508 compliance, which mandates that digital information should be equally accessible to people with and without disabilities.

Therefore, in order to comply with this federal mandate, the College’s website should comply with the guidelines defined in the University System of Georgia’s Accessibility website,

The Office of Digital Communications reserves the right to remove or refuse to link to non-compliant content as outlined in the GGC Digital Communications Guide, including documents, images, videos, software and websites.

See APM 11.60 Electronic and Information Technology Accessibility Policy.

10.2.4.1.4 Continuous Improvement

Reviewed May 26, 2016

It is the responsibility of the College community to facilitate continuous improvement of the GGC website. A Web Advisory Council (WAC) was formed in 2013 for this purpose. The WAC includes representatives of various key areas on campus who meet each semester to evaluate feedback from the campus community and provide guidance to the Office of Digital Communications and other areas on campus with a web presence. Members also play a key role in communicating issues to the Council as well as communicating changes to their areas. Additionally, faculty, staff and students may submit feedback about the website through their designated Web Council Advisory representative or by emailing webadvisorycouncil@ggc.edu.

10.2.4.1.5 Public GGC Website

Reviewed May 26, 2016

The public GGC website uses a content management system and is managed by the Office of Digital Communications. Content managers submit content to the Web Content Strategist/Editor for review. The public GGC website should adhere to the guidelines and standards previously outlined in APM 10.2.4.1.1 Design and APM 10.2.4.1.3 Content.

10.2.4.1.5.1 Content Managers

Reviewed May 26, 2016

A content manager is assigned by their division, approved by the Office of Digital Communications and is responsible for the content of his or her organization’s public sub-site, as outlined in the GGC Digital Communications Guide.

Periodic content management system training is required and conducted by the Office of Digital Communications.

10.2.4.1.5.2 Content Management Procedures

Reviewed May 26, 2016

Content managers should follow procedures defined in the GGC Digital Communications Guide when revising his or her assigned content or submitting requests for updates and/or changes for that content. Submitted content will be reviewed by the Web Content Strategist/Editor. Revisions may be made as necessary and, if significant in nature, will be returned to the client for final review and approval. Following final review and approval, the Web Content Strategist/Editor will publish content on the public GGC website. All text, imagery and multimedia are subject to editing for style, grammar, punctuation, spelling, quality or length by the Web Content Strategist/Editor. All content, pages, and sites are expected to comply with the requirements and standards outlined in this policy.

10.2.4.1.5.3 Requesting a Sub-Site

Reviewed May 26, 2016

A sub-site is a school, department, program or organization website located in the CMS and created as part of the public GGC website. Sub-sites may be requested by completing the appropriate request form located on the SCP webpage with a description and justification of the proposed sub-site. Sub-site requests will be evaluated based on GGC’s website goals and strategies, urgency and availability of resources. The Office of Digital Communications reserves the right to approve, prioritize or deny sub-site requests. Content that is denied may be appealed through the Office of Strategic Communications and Positioning. All public websites, with the exception of complex web applications should be created by the Office of Digital Communications and adhere to the GGC Digital Communications Guide.

10.2.4.1.5.4 Content Review

Reviewed May 26, 2016

Content managers are responsible for completing periodic reviews of their content for accuracy and communicating any necessary changes to the Web Content Strategist/Editor. Refer to APM 10.2.4.1.5.5 Requesting Edits for more information.

10.2.4.1.5.5 Requesting Edits

Reviewed May 26, 2016

Requests to edit content should be coordinated between designated content managers and the Web Content Strategist/Editor.

Reference the GGC Digital Communications Guide for more information about collaborative content manager roles and procedures for revising content.

10.2.4.1.5.6 Other Website Requests

Reviewed May 26, 2016

Other website requests, including but not limited to video production, promotional slides, faculty, staff and student announcements, calendar events, and directory profile requests may be submitted by GGC faculty and staff by completing the appropriate request form located on the SCP webpage. The Office of Digital Communications reserves the right to recommend and publish promotional content where it is most appropriate and according to quality standards and target audience.

10.2.4.2 Official Social Media Accounts

Reviewed May 26, 2016

Social media is defined as a means of interaction in which users create, share and develop multimedia and textual content across a wide array of platforms meant for social interaction through electronic distribution. Social media websites are important additions to the overall GGC brand. These sites represent the College and serve to reinforce the College’s brand and to positively engage audiences with the College.

The GGC social media program is managed by the Office of Digital Communications.

10.2.4.2.1 Official Tools and Accounts

Reviewed May 26, 2016

Social media tools approved by the Office of Digital Communications include, but are not be limited to, Facebook, LinkedIn, Twitter, and YouTube. Additional tools may be evaluated by the Digital Communications Manager on a case-by-case basis.

Official GGC social media accounts are listed in the GGC Social Media Directory. In order to be considered an official College account, the social media account should adhere to the requirements as outlined in the GGC Digital Communications Guide.

The Office of Digital Communications reserves the right to revoke or refuse social media accounts and creation. Content that is denied may be appealed through the Office of Strategic Communications and Positioning.

10.2.4.2.2 Social Media Content Managers

Reviewed May 26, 2016

Social media content managers should comply with the requirements outlined in the content section below and sign and adhere to the Social Media Policies and Best Practices agreement located in the GGC Digital Communications Guide.

It is the social media content manager’s responsibility to monitor the account and any comments associated with the account. Additionally, required periodic social media content manager training will be provided by the Digital Communications Manager.

10.2.4.2.3 Content

Reviewed May 26, 2016

The social media content manager is responsible for ensuring content adheres to APM 10.50.1 GGC Brand Policy and to the GGC Digital Communications Guide.

GGC’s Digital Communications team may oversee and evaluate social media pages representative of GGC and require deletion of content if deemed necessary.

10.2.4.2.4 Social Media Account Requests

Reviewed May 26, 2016

To request a social media account, review the GGC Digital Communications Guide and complete the appropriate request form located on the SCP webpage.

Media Relations

Policy Number: 10.3
Effective Date: November 6, 2017
Revision History: September 14, 2016
Policy Contact: Vice President of Strategic Communications and Positioning

Purpose and Policy Statement

This policy establishes guidelines for contacts and interaction with news media for all GGC personnel.

Scope

All employees and student media/organizations are responsible for understanding and complying with this policy.

For any questions on this policy, please contact the Office of Public Relations at 678.407.5549.

Definitions

News media: This includes, but is not limited to, electronic media, social media, broadcast media, print media, blogs, and other related media sources.

Roles and Responsibilities

Office of Public Relations: The Office of Public Relations is the College’s primary point of contact for media inquiries. They are responsible for building and sustaining relationships with the news media, providing support and coordinating accurate and appropriate information.

Faculty/staff: Employees are not authorized to speak on behalf of Georgia Gwinnett College unless specifically designated by the President or his designee. Employees of the College may speak on their own behalf as long as it is clear any such employee is not speaking on behalf of GGC in any official capacity. For more details on authorized contacts, please refer to APM 10.1 Publicity.

Any faculty/staff member who wishes to contact the news media for campus business purposes must communicate with the Office of Public Relations for appropriate coordination and any necessary approvals. Adherence to the requirements under this policy will enable the institution to provide accurate, appropriate and consistent messaging in a timely manner.

Members of the news media who contact Georgia Gwinnett College faculty or staff directly must be referred to the Office of Public Relations for initial review. Upon notification, the Office of Public Relations will provide guidance regarding appropriate action to the faculty or staff member.

Student organizations and student media: Student organizations interested in interacting with the news media for official campus matters are encouraged to consult with the Office of Public Relations for assistance in media relations matters.

Student journalists representing campus media outlets who are reporting on topics regarding the institution, such as College policies and developments, must route requests through the Office of Public Relations. A public relations staff member will facilitate interviews with the appropriate sources.

Student journalists representing campus media outlets who are reporting on topics regarding faculty research, course projects or general academic coursework may contact faculty members directly to request information or to schedule an interview.

Records Retention

Policy Number: 10.4
Effective Date: May 2, 2019
Revision History: May 26, 2016
Policy Contact: Chief of Staff

Purpose and Policy Statement

The purpose of this policy is to provide guidance on the retention of records by function and provide a schedule for storage.

Scope

This policy applies to anyone associated with GGC who creates records described in the schedules available at the Board of Regents Records Retention Schedule.

Definitions

Record: “Recorded information in any form, including data in computer systems, created or received and maintained by an organization or person in the transaction of business and kept as evidence of such activity.” Georgia statute defines records as “all documents, papers, letters, maps, books (except books in formally organized libraries), microfilm, magnetic tape, or other material, regardless of physical form or characteristics, made or received pursuant to law or ordinance or in performance of functions by any agency” (Official Code of Georgia Annotated, § 50-18-91[5]). Records are defined further as anything created in the process of conducting State business. These include, but are not limited to, text, voice messages, video conference notes (or recording if made), notes of one on one meetings, etc. When in doubt about the nature of a record, maintain the record and contact the institutional records manager.

Records management: A field of management responsible for the systematic control of the creation, maintenance, use, reproduction, and disposition of records.

Records manager: The person assigned primary responsibility for the records management program.

Records retention schedule: Instructions for what to do with public records (based on administrative need and legal requirements) from their creation, through active and inactive use, to their destruction or retirement. The schedule provides a minimum period of time that a specific type of record must be preserved.

Retention period: The period of time during which records must be kept before they are either destroyed or stored in an archival area (i.e., records as of June 30, 2007 having a retention period of three years should be kept until June 30, 2010).

Compliance

In order to maintain compliance with federal and state law, including the Georgia Records Act (O.C.G.A. 50-18-90 et seq.), and to meet requirements of external entities, such as accrediting bodies, GGC establishes retention schedules and the duties of agencies with regards to records management and access to records. All GGC associated persons creating a record shall maintain and preserve such College records and electronic documents in accordance with the Retention Schedule of the University System of Georgia (USG) Board of Regents (BOR) and State of Georgia law. GGC shall follow the records retention schedule set forth by the BOR. Once records have met all required retention in accordance with the BOR retention schedule, destruction procedures are implemented.

Each Division will appoint an individual to serve as the organization’s record manager. At the direction of the President, the Chief of Staff will serve as the institutional records manager. Assignment of records retention duties subordinate to the Division level for security or confidentiality reasons is at the discretion of the Division

Related Regulations, Statutes, Policies, and Procedures

BOR 6.24 Records Retention
Georgia Records Act
University System of Georgia (USG) Board of Regents (BOR) Records Management and Archives

Data Management and Classification

Policy Number: 10.8
Effective Date: September 12, 2019
Revision History: May 26, 2016
Policy Contact: Executive Director, Office of Plans, Policies, and Analysis

Purpose and Policy Statement

This policy describes the roles, responsibilities, and classification for institutional data and provides guidance on management of, access to, and utilization of institutional data for the purpose of ensuring the integrity of institutional data and protecting the privacy of those persons on whom we maintain data records.

This policy was developed with these guiding principles:

Everyone is a data user; some individuals may also have additional designated roles with regard to specific data or databases.
All institutional data are classified as internal unless otherwise designated.
All personnel are responsible for ethical use of data.

Scope

Information is one of Georgia Gwinnett College’s (GGC) most valuable resources and as such requires responsible management by all members of the GGC community. All institutional data should be used with appropriate and relevant levels of access and with sufficient assurance of its security and integrity in compliance with existing laws, rules, and regulations. This policy applies to all employees and students in the GGC community, as defined below.

Definitions

Confidential data: Institutional data for which there is a legal obligation not to disclose.

Data managers: Operational managers within a functional area overseeing the data for a particular subject area.

Data stewards: Senior level officials who have planning and policy responsibilities for data in their functional areas.

Data trustees: GGC executives who have overall responsibility for all the data sets maintained by the units reporting to them.

Data users: GGC employees or students who have been granted authorization by the data managers to access institutional data.

Employee: Full-time or part-time worker at GGC, whether directly employed, contracted, sub-contracted, work-study or volunteer. (Note that this definition applies to data management policies only, and does not affect other operational definitions in use at GGC.)

Institutional data: Any data element that originates or is in the custody and control of GGC, excluding personal notes and records or data whose primary purpose is scholarly, such as syllabi, course notes, and the products of research or creative scholarly work unless such work meets the criteria for College ownership (full or partial) as defined in APM 6.3 Intellectual Properties. Examples of institutional data include, but are not limited to:

Elements supporting financial management
Payroll
Student educational records
Student financial data
Medical data
Employee personnel records
Intellectual property
Intellectual research property
Capital equipment inventory
Donor data
Alumni data

Internal data: Institutional data that are available freely within institution but are not available to the public unless required by law. This is the default categorization for institutional data.

Protected Health Information (PHI): Individually identifiable health information that is maintained or transmitted in any form or medium. Protected health information excludes individually identifiable health information in education records covered by the Family Educational Right and Privacy Act (FERPA)

Scholarly data: Data elements, both quantitative and qualitative, developed for the purpose of classroom instruction, classroom management, research, or creative endeavors. Some products of such work may be owned in part or in whole by the College, as determined by APM 6.3 Intellectual Properties.

Sensitive data: Institutional data that are not legally protected, but should not be made public and should only be disclosed under limited circumstances.

Student: Any individual who is or has been enrolled in classes at Georgia Gwinnett College at any time and/or about whom GGC maintains records. (Note that this definition applies to data management policies only, and does not affect other operational definitions in use at GGC.)

Unrestricted data: Institutional data that have no access restrictions and are available to the general public

Roles and Responsibilities

Data user: GGC employees or students who have been granted authorization by the data managers to access institutional data. Authorization is granted for a specific level of access, as defined by the data management policies, solely for the conduct of institutional business. Data users may have technical access to data, or they may have rights to use data that they need assistance to access. Responsibilities include:

Following the policies and procedures established by the data stewards for responsible use of GGC data.
Using institutional data only as required to conduct GGC business.
Ensuring the privacy of data by viewing and storing data, and the information derived from data, under secure conditions.
Ensuring accuracy and timeliness of the data they enter or update.
Collecting, preparing, entering or maintaining data for the authorized unit(s), if authorized by the data manager.

Data manager: operational managers within a functional area overseeing the data for a particular subject area. Data managers are identified by a data steward and given specific responsibilities and accountability. Data managers have day-to-day responsibility for managing administrative processes and establishing business rules for the transactional systems. They have operational responsibility for the data management activities related to the collection, maintenance, protection, and dissemination of data in their functional areas. The data manager may authorize operational tasks to be performed by data users outside the units that report to the data manager. The data managers are accountable for the data subsets they manage, whether the data are collected or maintained directly by the data manager (or their staff), by data users in other units or by external sources. Responsibilities include:

Reviewing and approving requests for access by other GGC users, as defined by campus data policy.
Determining the type of access given to GGC users.
Assuring compliance with federal, state, and campus regulations regarding the release of, responsible use of, and access to, data.
Training GGC users in relevant regulations and proper understanding of data.
Providing data definitions for each data element within the domain of their operational unit(s).
Communicating any data definition or database changes to the appropriate data administrator.
Ensuring the accuracy, privacy and integrity of the data they manage.
Assisting in the design of data warehouse structures that contain data from their subject areas.

Data steward: senior level officials, designated by data trustees, who have planning and policy responsibilities for data in their functional areas. Data stewards, or their designees, are responsible for recommending policies, and establishing procedures and guidelines concerning the accuracy, privacy and integrity of the data subsets for which they are responsible. Individually, data stewards act as advisors to the data trustees and have management responsibilities for data administration issues in their functional areas. They have overall responsibility for the data in the subsets overseen by all their designated data managers. These responsibilities include:

Interpreting and implementing federal, state, and GGC policies and guidelines.
Ensuring data quality and data definition standards are met.
Identifying the privacy level (unrestricted, internal, sensitive, or confidential) for the data subsets.
Establishing authorization procedures to facilitate appropriate data access as defined by campus data policy and ensuring security for that data.
Resolving issues related to stewardship of data elements that cross multiple units or divisions. For example, Social Security number may have more than one data steward since it is collected or used in multiple systems, such as financial, human resources, and student systems.
Developing standard definitions for data elements, including those that cross multiple units or divisions. For example, there should either be a single definition of “full-time employee” or new data elements should be created for each unique definition.

Data trustee: GGC senior administrators who have overall responsibility for all the data sets maintained by the units reporting to them. Institutional data trustees consist of the President, vice presidents, and General Counsel. Individually the data trustees are accountable for all the data sets within their division. The Vice President for Educational Technology/CIO has the additional responsibility for ensuring an adequate and appropriate technical infrastructure is in place to support the data needs of the institution across all divisions.

Data trustees are responsible for ensuring that campus institutional data resources are used in ways consistent with the mission of the GGC. The data trustees have the responsibility for the appointment and accountability of data stewards.

Data Classification

All GGC institutional data is categorized into four main classification. Information may be considered institutional data if it satisfies one or more of the following criteria:

Data used for planning, managing, reporting, or auditing a major administrative function
Data referenced or used by an organizational unit to conduct institutional business
Data included in an official institutional administrative report
Data used to derive an element that meets any of the criteria above
Data generated under contractual arrangements (grants, etc.) that specifically designate data as belonging to the institution.

Unrestricted Data: These data will be designated as unrestricted or public data. The following are examples of unrestricted data:

Information on the public website
College fact books

Internal Data: The following are examples of internal data:

National Survey of Student Engagement (NSSE) report comparisons
Composite course evaluation reports
Selected internal survey data
Selected directory information, e.g., faculty cell phone numbers

Sensitive Data: Users must be granted specific authorization to access since the data’s unauthorized disclosure, alteration, or destruction could cause perceivable damage to the institution. The following are examples of sensitive data elements:

Any non-confidential information identifiable to an individual (including students, staff, faculty, trustees, donors, and alumni) including but not limited to dates of birth, driver’s license numbers, employee and student id numbers, license plate numbers, and compensation information.
The University’s proprietary information including but not limited to intellectual research findings, intellectual property, financial data, and donor and funding sources.

Confidential Data: These data elements require the highest levels of restriction due to the risk of harm that will result from disclosure or inappropriate use. The following are examples of confidential data elements:

Data not releasable under the Georgia Open Records Act or the Georgia Open Meetings Act
All regulated data
Social Security and credit card numbers
Data protected under the Family Educational Rights and Privacy Act of 1974 (FERPA)
Data protected under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Protected Health Information (PHI)
Data protected under the Gramm-Leach-Bliley Act (GLBA).

By default, all institutional data will be designated as internal data for use within GGC or to satisfy institutional external reporting requirements to the USG Board of Regents (BOR), and to state, federal, or other external agencies unless, the appropriate data steward assigns the data elements or views to one of the three other categories: unrestricted, sensitive, or confidential. Such assignment may be made for general circumstances or on a case-by-case basis taking into consideration the specific data elements requested.

Data Management

College employees will have access to institutional data for use in the conduct of GGC business within the scope of their positions. The permission to view or query institutional data should be granted to data users for legitimate institutional purposes, as defined by job requirements and direct manager.

All GGC employees and students are responsible for understanding their roles as data users, data managers, data stewards or data trustees and for understanding the classification of any data they use in the normal execution of job duties.

All GGC employees and students are responsible for observing all applicable laws, data classification restrictions, security procedures, and appropriate precautions with data.

All GGC employees must complete an annual course in data security and management and sign the GGC Confidentiality Agreement. Data users, data managers, data stewards and data trustees are not required to make explicit requests for the data to which they have access in the course of day-to-day execution of their job duties. However, any employee who has an identified need for data beyond his/her day-to-day duties or for a special purpose analysis must make a request following the GGC data request process.

A record of known databases and other data repositories at GGC and their data stewards and managers is maintained by the Office of Plans, Policies, and Analysis. Employees seeking information on these should contact the office for information.

Compliance

Compliance with the provisions of this policy is mandatory. Non-compliance poses a significant risk to the security of GGC data and to the privacy and security of individuals about whom the College maintains data.

Accessing or making use of institutional data for personal interests or purposes constitutes a violation of this policy. Release of institutional data, at any level of classification, without authorization, constitutes a violation of this policy.

Any employee found to have violated this policy through unauthorized access, use, disclosure, alteration or destruction of data will be subject to disciplinary procedures up to and including termination of employment.

Related Regulations, Statutes, Policies, and Procedures

Family Educational Rights and Privacy Act of 1974 (FERPA)
Health Insurance Portability and Accountability Act of 1996
Gramm-Leach-Bliley Act

10.9 Student Records Management and Security Policy

Reviewed May 26, 2016

10.9.1 Scope

Reviewed May 26, 2016

Because the ongoing security and confidentiality of student records is critical to the integrity of the institution, Georgia Gwinnett College protects the security, confidentiality, and integrity (including data protection and back up) of student records (regardless of storage media) from creation or receipt through processing, distribution, use retrieval, and maintenance to their ultimate disposition. GGC recognizes the importance of protecting confidentiality of records, preserving the integrity of its students’ academic records, and overseeing the release of records in accordance with state and federal mandates and commonly accepted standards and practices among institutions of higher learning.

Student records include but are not limited to the following:

Faculty: Class roles with grades, papers, exams, papers, assessments (paper, learning management system, laptops), advisee notes, confidential conversations in any form (e.g. email, text, print, verbal)
Student affairs: Conduct, Medical (HIPPA, Fitness, Physician, mental health), disability, academic integrity violations, career services, e-mails with confidential information
Enrollment Management: Admissions, financial aid, Registrar (transcripts, grades, applications, financial documentation about residency), medical (immunization and records submitted as documentation for hardship request, etc.), immigration status, e-mails with confidential information
Intra-student e-mail communication within the GGC system

Policies related to confidentiality, security, integrity of records, and data protection and backup are reviewed yearly.

They include:

10.9.2 Records Management Policies

Reviewed May 26, 2016

Georgia Gwinnett College’s policies address records management policies in the following subcategories.

10.9.2.1 Protecting the Right to Privacy

Reviewed May 26, 2016

Georgia Gwinnett College protects the rights of privacy of all student records including academic, medical and financial records, by following all local, state and federal law to include the Family Educational Rights and Privacy Act (FERPA) of 1974, the Health Insurance Portability and Accountability Act ( HIPPA) of 1996), and Gramm-Leach Bliley Act of 1999.

See APM 10.8 Data Management and Classification for related information.

10.9.2.1.1 Restricting Access to Records

Reviewed May 26, 2016

Restricted physical and electronic access is the first line of defense for protecting records from physical damage, intrusion or theft. A proactive approach will be taken with respect to monitoring for physical and system invasion. In protecting records, the College will require that:

All student records will be kept in a locked, secure location and faculty and staff will observe the College’s written standards of behavior when dealing with student records.
Electronic access will be protected as described in APM 10.8 Data Management and Classification, APM 11.3 Information Security Policy and APM 11.50.2 GGC Information Security , following security and confidentiality protocols as defined by the USG Board of Regents (BOR Policy Manual Section 11.3)
See APM 10.8 Data Management and Classification, APM 11.3 Information Security Policy and APM 11.50.2 GGC Information Security for related information.

10.9.2.1.2 Releasing Information only in Accordance with Strict Guidelines

Reviewed May 26, 2016

In accordance with the provisions of the Family Educational Rights and Privacy Act of 1974 (FERPA), the college maintains the right to require consent to disclosure of personally identifiable information contained in the student’s educational records except to the extent that FERPA authorizes disclosure without consent.
In accordance with FERPA, the college permits disclosure without consent if the disclosure of information is to school officials with a legitimate educational interest, such as a person employed by the college in an administrative, supervisory, academic, research, or support staff position (including law enforcement personnel); a person or company with whom the college has contracted (such as an attorney, auditor, or collection agent); a person serving on the Board of Regents; or a student serving on an official committee such as a disciplinary committee, or assisting another school official in performing his or her tasks. A school official has a legitimate educational interest if the official needs to review an educational record in order to fulfill his or her professional responsibility.
Upon request, the college discloses education records without consent to officials of another school in which a student seeks or intends to enroll.

10.9.2.1.3 Providing Students and Their Parents with Information Concerning Students’ Rights for the Protection of Their Confidential Records

Reviewed May 26, 2016

GGC FERPA Disclosure Notice to Students will be explained to new students and their parents who attend the BEAR ESSENTIALS Orientation session as well as available to students on-line and in the Georgia Gwinnett College Catalog.
Signed GGC FERPA Disclose Notice to Students will be maintained in the student file as well as recorded in Banner.
GGC recognizes the right of the student to refuse to permit the release of information, including directory information as defined by FERPA.

10.9.2.2 Student Electronic Records Storage and Recovery

Reviewed May 26, 2016

The College recognizes the need to provide reliable and efficient student services, therefore coordinates with the University System of Georgia to consolidate the technical environment for the Banner Student Information System for the purpose of providing secure, reliable, and cost effective database administration and system support functions.
The Student Information System is managed via a memorandum of agreement with the University System of Georgia Information Technology Systems, which has a contract with Ellucian. A structured recovery plan is well documented and ready for execution in the event of system component failures is part of that arrangement.
See APM 11.50.3 Continuity of Operations Plan Policy for information addressing disaster plans for records.

10.9.2.3 Training of New Employees (Faculty, Staff and Student Workers) as Well as Current Employees

Reviewed May 26, 2016

A regular training schedule for faculty and staff will be maintained to assure that the policy and procedures for storage, release, dissemination and disposition (whether physical, printed, or verbal) is consistently adhered to.
See APM 10.8 Data Management and Classification for additional information on employee responsibilities.

10.9.2.4 Annual Review of Procedures as Well as Immediate Review of Procedures any Time a Breach of Procedures is Identified

Reviewed May 26, 2016

A committee of members responsible for student data will complete an annual review of procedures for records security and privacy.
In the event of a breach of procedures, the registrar will be notified of the violation. The appropriate dean, director and/or HR will address the situation and work with the Executive Director of Human Resources to address the issue with the person or the supervisor of the person who has committed the breach of procedures.

10.9.2.5 Records Retention and Disposition

Reviewed May 26, 2016’

Records will be kept according to the University System of Georgia Board of Regents Records Retention Schedule.
Review of the proper procedures for records disposal will happen annually for faculty and staff via the annual FERPA notification procedure.

10.9.2.6 Release of Records

Reviewed May 26, 2016

Georgia Gwinnett College follows all policies governing the security and confidentiality of records as dictated by the Board of Regents. Georgia Gwinnett College does not publish a student directory; however the student’s name, major field of study, dates of attendance, and degrees conferred may be disclosed without consent of the student. For Georgia Gwinnett College, this is the only information which could be considered “Directory Information” for FERPA or other purposes, including but not limited to external record requests.

Students have the right to refuse to permit the disclosure of any information. If students choose to exercise the right of refusal, they must do so in writing to the Registrar within 30 days of the beginning of each academic semester. It is understood that appropriate college officials will have access to such information and records as shall be necessary for them to perform their professional responsibilities. All official use of student files shall be in accordance with the provisions of the Family Educational Rights and Privacy Act of 1974 (FERPA) and shall be duly recorded and shall be documented as required by its regulations.

In accordance with FERPA, the college permits disclosure without consent if the disclosure of information is to school officials with a legitimate educational interest, such as a person employed by the college in an administrative, supervisory, academic, research, or support staff position (including law enforcement personnel); a person or company with whom the college has contracted (such as an attorney, auditor, or collection agent); a person serving on the Board of Regents; or a student serving on an official committee such as a disciplinary committee, or assisting another school official in performing his or her tasks. A school official has a legitimate educational interest if the official needs to review an educational record in order to fulfill his or her professional responsibility

The following information and records shall not be covered by this policy and access shall not be provided to students: information related to pending admissions decisions, financial records or information relating to students or parents/guardians; confidential statements of recommendation placed in the record obtained if a receipt of a statement from students waiving the right to open accessibility placement records is present; all information relative to the application for and receipt of financial assistance; records created or maintained by a physician, psychiatrist, psychologist, or other professional or a professional acting or assisting in a similar capacity in treatment of a student; institutional employment or faculty files; alumni information; and sole-access educational records. Sole access records are those records of instructional, supervisory and administration and educational personnel that are in the sole possession of the makers and are not accessible or revealed to any other individual except a temporary substitute.

10.9.2.7 Correction of Records

Reviewed May 26, 2016

Pursuant to Family Educational Rights and Privacy Act of 1974, students have the right to inspect their educational records and correct such records if necessary. Students desiring to review their records should make this request to the appropriate official in writing. Such written request will be granted within a period of no more than 45 days from the date of request. In the event the record contains inaccurate, misleading or otherwise inappropriate information, every effort will be made to correct or delete such material, and the student will be so informed of such action in writing. Institutions may release information to governmental agencies for review for purposes of financial aid audits, National Student Loan Clearinghouse, etc. In the event of a subpoena, the institution may disclose information if the institution makes a reasonable effort to notify the eligible student of the order or subpoena in advance of compliance, so that the student may seek protective action, unless the disclosure is in compliance with a Federal grand jury subpoena. Complete information on FERPA policy may be found at www.ed.gov/policy.

10.9.3 Student Records Procedures

Reviewed May 26, 2016

This section details the procedures connected to the Student Records Policies outlines in APM 10.9.2, Records Management Policies.

10.9.3.1 Procedures Related to Privacy

Reviewed May 26, 2016

As outlined in policy, GGC protects the privacy of students. Procedures that relate to privacy include restricting access to records, releasing information only in accordance with guidelines, and providing information to parents and students about student rights for the protection of confidential data.

10.9.3.1.1 Procedures Related to Restricting Access to Records

Reviewed May 26, 2016

All student records will be kept in a locked, secure location with restricted access. Restricted access to records is given based on job level and a verifiable need to view the record. Faculty and staff who have been given restricted access to view records will:

Make sure that all records are kept in a secure, locked location.
Lock computer desktops and/or offices when leaving a work station.
Refrain from storing student records on the computer desktop. All student data should be stored on a secure network drive.
Ensure that College laptops are kept in a secure location whether on or off campus. Laptops must be locked and password protected when not in use.
Properly shred printed material that contains information not necessary for storage.
Maintain confidentiality of student information by being aware of their surroundings when holding discussions with the student or with others who have a verifiable need to know the information.
Attend regularly offered training to faculty and staff to ensure that up-to-date security standards are understood and being adhered to. This training will include an annual review of FERPA, HIPAA, and Gramm-Leach Bliley regulations.

Access to confidential student data is available only to properly authorized personnel. GGC requires that:

All users have individual accounts
User permissions are controlled by user classes that control access to data
Security log tables are monitored
Documentation of site security procedures and end-user responsibilities are maintained.

These procedures apply both to information in the Student Information System and to Student Affairs student records including conduct, medical and other records covered under HIPPA such as Fitness, Physician and mental health, disability, academic integrity violations, career services, and e-mails with confidential information.

All student data stored electronically must comply with policies found in the APM in section 11.

10.9.3.1.2 Procedures Related to Releasing Information

Reviewed May 26, 2016

Faculty and Staff with access to student records are expected to use that access appropriately, mindful that they are required to have a legitimate educational interest in the data they access.

Individuals employed by the college who require data beyond their normal levels of access will submit a data request for the specific data needed. These requests will be reviewed for compliance with FERPA regulations before the data are provided.

10.9.3.1.3 Procedures Related to Informing Students and Parents of Students’ Rights for the Protection of Their Confidential Records

Reviewed May 26, 2016

GGC FERPA Disclosure Notice to Students will be explained to new students and their parents who attend the BEAR ESSENTIALS Orientation session as well as available to students on-line and in the Georgia Gwinnett College Catalog.
Signed GGC FERPA Disclose Notice to Students will be maintained in the student file as well as recorded in Banner.
GGC recognizes the right of the student to refuse to permit the release of information, including directory information as defined by FERPA.

10.9.3.2 Procedures Related to Electronic Records Storage and Recovery

Reviewed May 26, 2016

The Student Information System is managed via a memorandum of agreement with the University System of Georgia Information Technology Systems. A structured recovery plan is well documented and ready for execution in the event of system component failures is part of that arrangement.
See APM 11.50.3 Continuity of Operations Plan Policy for information addressing disaster plans for records. The College recognizes the need to provide reliable and efficient student services, therefore coordinates with the University System of Georgia to consolidate the technical environment for the Banner Student Information System for the purpose of providing secure, reliable, and cost effective database administration and system support functions.

10.9.3.3 Procedures Related to Training

Reviewed May 26, 2016

Faculty and Staff who have been given restricted access to view records will attend regularly offered training to faculty and staff to ensure that up-to-date security standards are understood and being adhered to. This training will include an annual review of FERPA, HIPAA, and Gramm-Leach Bliley regulations.

10.9.3.4 Procedures Relates to Review of Procedures

Reviewed May 26, 2016

A committee of members responsible for student data will complete an annual review of procedures for records security and privacy.
In the event of a breach of procedures, the registrar will be notified of the violation. The appropriate dean, director and/or HR will address the situation and work with the Executive Director of Human Resources to address the issue with the person or the supervisor of the person who has committed the breach of procedures.

10.9.3.5 Procedures Related to Records Retention and Disposition

Reviewed May 26, 2016

Retention of Student Records: Georgia Gwinnett College follows the approved retention schedule for college records which can be found at the University System of Georgia Board of Regents website. Student records are subject to requirements found in APM 10.4 Records Retention policy.

10.9.3.6 Procedures Related to Release of Records

Reviewed May 26, 2016

10.9.3.7 Procedures Related to Correction of Records

Reviewed May 26, 2016

10.50.1 GGC Brand Policy

Reviewed May 26, 2016

The Office of Strategic Communications and Positioning is the “Brand Manager” for Georgia Gwinnett College and, as such, delegates oversight authority to the Office of Public Relations. College communications, including, but not limited to, publications, advertising and promotional material shall comply with the appropriate and consistent use of the Georgia Gwinnett College brand as outlined in the Brand Guidelines.

Defining the College’s brand identity in a way that is clear, understandable, memorable, and authentic is critical to distinguishing it from its competitors. The graphic standards, visual identity and messaging programs solidify institutional communications, enabling a unified and consistent presentation to the community. The programs provide a foundation on which the College’s brand and reputation can be built and optimized.

The ultimate goal in creating a consistent brand is to leave a positive message and a strong memory in prospective clients before they establish a need for service. In the case of Georgia Gwinnett College, consistent use of the brand and visual identity in all parts of the organization create a positive and inviting image for the various constituencies whom the College serves and with whom the College interacts.

Open Records

Policy Number: 10.60
Effective Date: February 3, 2020
Revision History: August 4, 2016
Policy Contact: General Counsel and Director of Legal Affairs

Purpose and Policy Statement

The purpose of this policy is to provide authority for responding to records requests made of the College by any person/entity.

Scope

The policy applies to Georgia Gwinnett College (“College”) and the College Foundation (“Foundation”). This policy applies to every person who is employed or otherwise under the authority of the College and/or Foundation as well as all persons/entities making any records requests of the College.

Definitions

Public record: All documents, notes (handwritten or otherwise), papers, letters, maps, books, tapes, photographs, computer-based or generated information, texts, audio files, video files, data, data fields, or similar material prepared and maintained or received by the College or by a private person or entity in the performance of a service or function for or on behalf of the College or when such documents have been transferred to a private person or entity by the College for storage or future governmental use.

Roles and Responsibilities

Office of Legal Affairs: Receives and responds to all records requests made to the College pursuant to the laws of the State of Georgia. Any person within the Office of Legal Affairs may be responsible for responding to any and/or all such requests. The Office of Legal Affairs will establish appropriate process for implementing this policy.

Compliance

The only office permitted to respond to records requests on behalf of the College is the Office of Legal Affairs. The Foundation is responsible for replying to records requests relevant to its office as directed by the Office of Legal Affairs.

All records requests related to the College received by any person affiliated with the College will be referred to either the Office of Legal Affairs or the web-based link for “Records Requests” set out at the bottom of every GGC web page.

Related Regulations, Statutes, Policies, and Procedures

Georgia Open Records Act