2022-2023 Administrative Policy Manual Published September 2, 2022 
    
    Feb 22, 2024  
2022-2023 Administrative Policy Manual Published September 2, 2022 [ARCHIVED COPY]

Section 10 - Information, Records, and Publications



Brand

Policy Number: 10.1
Effective Date: February 3, 2023
Revision History: None
Policy Contact(s): Associate Vice President for Communications

I. Purpose and Policy Statement

This policy establishes Communications (“Comms”) as the Brand Manager for Georgia Gwinnett College (“GGC”). All College communications, including but not limited to, print and digital content/publications, promotional materials, photography/videography, and advertising are under the exclusive control and authority of Comms and shall comply with GGC Brand Standards, which outline proper usage of logos, colors, styles, and trademarks.

II. Scope

This policy applies to all GGC faculty, staff, students, and authorized vendors or contractors, who may publish print or digital publications on behalf of GGC.

III. Definitions

Print Publications: GGC print publications include all College owned or controlled print materials, including, but not limited to, annual reports, brochures, newsletters, magazines such as GGC’s official publication, Engage, promotional materials, photography, and advertising. All financial contracts pertaining to such publications shall be approved by the Vice President for Business and Finance or a designated representative.

The official print publication of Georgia Gwinnett College shall be Engage magazine. It shall be published two times annually and will contain no paid advertisements or sponsorships.

Digital Publications: GGC digital publications include all College owned or controlled digital media, including, but not limited to, e-newsletters including The Pulse, videography, and official social media accounts as outlined in APM 10.7 Ownership, Control, and Use Policy for Online Resources .

GGC website: The GGC website is defined as the public website, its content (text, images, downloadable documents, feeds, video, etc.), and third-party sites that can be accessed through the public website. The GGC website is managed by Comms. The public GGC website should adhere to the GGC Brand Standards.

Promotional Materials: GGC promotional materials include all College owned or controlled promotional or giveaway items that include the College logo, colors, or trademarks.

IV. Roles and Responsibilities

GGC Comms is the authority for the establishment of GGC’s print and digital publications and promotional materials; the management of existing GGC print and digital publications and promotional materials; the approval of content in GGC print and digital publications and promotional materials; and, the deletion or elimination of print or digital publications and promotional materials when they are no longer needed or are out of compliance.

V. Related Regulations, Statutes, Policies, and Procedures

10.7 Ownership, Control, and Use Policy for Online Resources  
GGC Brand Standards

 

 
 

Accessibility

Policy Number: 10.2
Effective Date: February 3, 2023
Revision History: Reviewed May 26, 2016
Policy Contact(s): Associate Vice President for Communications

I. Purpose and Policy Statement

The GGC website is required by federal law to comply with Section 508 compliance, which mandates that digital information should be equally accessible to people with and without disabilities.

To comply with this federal mandate, the College’s website and other digital publications must comply with the guidelines defined in the University System of Georgia’s Accessibility website.

II. Scope

This policy applies to all GGC faculty, staff, students, and authorized vendors or contractors who may publish digital content on behalf of GGC.

III. Definitions

The GGC website is defined in APM 10.1 Brand .

IV. Roles and Responsibilities

Digital Communications in the office of Communications reserves the right to remove or refuse to link to noncompliant content as outlined in APM 10.7 Ownership, Control, and Use Policy for Online Resources  and the Brand Standards.

V. Related Regulations, Statutes, Policies and Procedures

APM 10.1 Brand   
APM 10.7 Ownership, Control, and Use Policy for Online Resources 
APM 11.60 Electronic and Information Technology Accessibility Policy  

 

Media Relations

Policy Number: 10.3
Effective Date: February 3, 2023
Revision History: November 6, 2017; September 14, 2016
Policy Contact: Associate Vice President for Communications

I. Purpose and Policy Statement

The media relations policy establishes guidelines for contacts and interaction with news media for all GGC personnel.

II. Scope

All employees and student media/organizations are responsible for understanding and complying with this policy.

For any questions on this policy, please contact Public Relations at pr@ggc.edu

III. Definitions

News media: News media includes, but is not limited to, electronic media, social media, broadcast media, print media, blogs, and other related media sources.

IV. Roles and Responsibilities
  1. Public Relations: Public Relations in the office of Communications is the College’s primary point of contact for media inquiries. They are responsible for building and sustaining relationships with the news media, providing support and coordinating accurate and appropriate information.
  2. Faculty/staff:
    1. Employees are not authorized to officially speak on behalf of Georgia Gwinnett College unless specifically designated by the President or the President’sdesignee. GGC employees may speak on their own behalf as long as it is clear any such employee is not speaking on behalf of or representing GGC in any official capacity.
    2. Any faculty or staff member who wishes to contact the news media for campus business purposes must communicate with Public Relations in advance for appropriate coordination and any necessary approvals. Adherence to the requirements under this policy will enable the institution to provide accurate, appropriate and consistent messaging in a timely manner.
    3. Faculty or staff members who are directly contacted by members of the news media must refer the news media to Public Relations for initial review. Upon notification, Public Relations will provide guidance regarding appropriate action to the faculty or staff member.
  3. Student organizations and student media:
    1. Student organizations interested in interacting with the news media for official campus matters should consult with Public Relations for assistance in media relations matters.
    2. Student journalists representing campus media outlets who are reporting on topics regarding the institution, such as College policies and developments, must route requests through Public Relations. A Public Relations staff member will facilitate interviews with the appropriate sources.
    3. Student journalists representing campus media outlets who are reporting on topics regarding faculty research, course projects or general academic coursework may contact faculty members directly to request information or to schedule an interview.

 

 

Records Retention

Policy Number: 10.4
Effective Date: March 14, 2023
Revision History: May 2, 2019; May 26, 2016
Policy Contact: Dean of Library Services

I. Purpose and Policy Statement

In accordance with the Georgia Records Act, O.C.G.A § 50-18-90 et seq., Georgia Gwinnett College shall follow the University System of Georgia (“USG”) Records Retention Schedules and the USG Records Management Policies. The President designates the Dean of Library Services as the Institution Records Management Officer.

II. Scope

This policy applies to anyone associated with GGC who creates records described in the USG Records Retention Schedules.

III. Definitions

Record: Recorded information in any form, regardless of medium or characteristics, including data in computer systems, created or received and maintained by GGC or GGC personnel in the transaction of business and kept as evidence of such activity.

IV. Compliance

Each GGC department must retain and dispose of records in accordance with the USG Records Retention Schedules. The Schedules describe the minimum amount of time that a specific type of record must be preserved.

V. Related Regulations, Statutes, Policies, and Procedures

BOR 6.24 Records Retention
Georgia Records Act 
USG Records Management and Archives

 

 

Ownership, Control, and Use Policy for Online Resources

Policy Number: 10.7
Effective Date: February 3, 2023
Revision History: September 30, 2022
Policy Contact(s): Associate Vice President for Communications, Vice President for Information Technology

I. Purpose and Policy Statement

As required by the University System of Georgia (“USG”), this policy establishes the ownership, control, and use of all Georgia Gwinnett College (“GGC”) online resources, as defined herein. This policy addresses: (i) exclusive ownership and control of all GGC online resources; (ii) exclusive authority over all GGC online resources owned or controlled by the College, and the exclusive authority to acquire additional GGC online resources in the future; (iii) approval of content published on a GGC online resource; and (iv) removal of content improperly published to a GGC online resource.

II. Scope

This policy applies to all GGC faculty, staff, and students as well as authorized vendors or contractors who may publish online resources on behalf of GGC.

III. Definitions

Online Resource(s): GGC’s online resources include all College owned or controlled internet domains, websites, webpages, web or mobile applications, official social media accounts of GGC, online educational resources, and College content generated by employees. Official GGC online resources typically use a GGC credential or GGC-issued credential for login purposes.
For the purposes of this policy, GGC online resources do not include non-public-facing online resources or login pages for technology services/platforms such as Zoom. Login pages are still subject to GGC branding and technology standards and policies.
GGC online resources also do not include personal webpages hosted externally or personal social media accounts of the College’s employees and students.
Inventory of GGC Online Resources: The College maintains a current inventory of GGC online resources that is available upon request through communications@ggc.edu.

IV. Authority and Control over GGC Online Resources
In keeping with USG policy and guidance, all GGC online resources are the property of the College and under its exclusive control. GGC has exclusive authority over all GGC online resources and exclusive authority to acquire additional online resources in its name.
V. Roles and Responsibilities
  1. Creating New Online Resources and Managing Existing Content: GGC Communications (“Comms”) is the authority for the establishment of GGC’s public-facing online resources, the management of existing GGC online resources, the approval of content, and the deletion of online resources when they are no longer needed. Some aspects of management such as authentication and security administration will be performed by Information Technology (“IT”).  When delegated in writing by Comms, designees are responsible for the content created on or posted to GGC online resources under their control, including responsibility to ensure that content (i) complies with applicable USG and College policies, (ii) complies with federal accessibility requirements, and (iii) does not violate the intellectual property rights of third parties. GGC has defined the following roles for creation of specific online resources:
    1. Web Domains: The purchase or acquisition of a new web domain must be approved in writing by the Vice President for Information Technology. All GGC web domains are maintained and managed by Comms and IT. Management of specific domains may be delegated to designated employees. Delegation will be documented in writing, which may be through an email sent to the designee. Designees remain accountable for compliance with GGC branding and technology standards.
    2. Web Pages: Comms must approve the creation of all new webpages managed by GGC divisions, departments, and other units. Content authority may be delegated to designated employees in departments/divisions for all departmental/divisional resources or for specific projects. Delegation will be documented in writing, which may be through an email sent to the designee. Designees remain accountable for compliance with GGC branding and technology standards. Comms or its designee must also approve all content before publication on an institution webpage.
    3. Web and Mobile Applications: Comms and IT must approve the creation of all new web and mobile applications, including those managed by College units. Content authority may be delegated to designated employees. Delegation will be documented in writing, which may be through an email sent to the designee. Designees remain accountable for compliance with GGC branding and technology standards. Comms or its designee must also approve all content before publication on a College web or mobile application.
    4. Official Social Media Accounts: Comms must approve the creation of all official social media accounts managed by Comms. Content authority may also be delegated to another designated employee in the department/division for all departmental/divisional resources or for specific projects. Delegation will be documented in writing, which may be through an email sent to the designee. Designees remain accountable for compliance with GGC branding and technology standards. Comms or its designee must also approve all content before publication on GGC’s official social media accounts.
    5. Deletion of Stale/Obsolete Resources: Comms will periodically review its inventory of online resources and purge those that are no longer needed in accordance with any applicable records retention policies and procedures. Resources that appear to be stale or unused may be archived or deleted. Comms will make a reasonable effort to contact resource managers before archiving or deleting online resources.
  2. Management of GGC Online Resources:
    1. Management: Administration privileges for any GGC online resources may only be assigned to GGC employees or outside contractors whose job duties include the administration of such accounts.
    2. Transition of Management: Part of the separation process for employees shall include the transition of account control over any GGC online resources managed by the departing employee.
    3. Limitation on Management by Student Employees: Student employees shall not be granted administrative access privileges or duties over GGC online resources without express written permission from the appropriate employee with designated content authority for the GGC online resource and with appropriate approval and oversight procedures in place for any content the students are to publish on GGC online resources.
  3. Moderation of Third-party Content: Content created by third-party users of GGC online resources shall be moderated by Comms in compliance with applicable GGC policies governing the posting of content on such GGC online resources and subject to any applicable terms and conditions or end user agreements of the third-party hosting platform.
  4. Removal of Unauthorized Content: Any content created on or posted to a GGC online resource that has not been approved pursuant to this policy or the applicable department’s required review and approval process or is otherwise not in compliance with GGC or USG policies governing online content shall be removed promptly following discovery. The authority and responsibility for removing unauthorized content will reside with Comms or the designee who controls the online resource where the content is located. Ultimate authority for the approval or removal of content on GGC online resources rests with the President of GGC. 
  5. Reporting Cybersecurity Concerns: Any suspected unauthorized content should be immediately reported to Information Security at infosec@ggc.edu for a review of any potential data privacy and cybersecurity concerns.
​​VI. Related Regulations, Statutes, Policies and Procedures

APM 10.1 Brand  
GGC Brand Standards

 
 

Data Management and Classification

Policy Number: 10.8
Effective Date: March 14, 2023
Revision History: September 12, 2019; May 26, 2016
Policy Contact: Chief Enrollment Management Officer; Chief Information Technology Officer

I. Purpose and Policy Statement

This policy describes the roles, responsibilities, and classification for institutional data and provides guidance on management of, access to, and utilization of institutional data for the purpose of ensuring the integrity and security of institutional data and protecting the privacy of those persons for whom we maintain data records.

This policy was developed with these guiding principles:

  1. Everyone is a data user; some individuals may also have additional designated roles with regard to specific data or databases.
  2. All institutional data are classified as internal unless otherwise designated.
  3. All personnel are responsible for ethical use of data.
II. Scope

Information is one of Georgia Gwinnett College’s (“GGC”) most valuable resources and as such requires responsible management by all members of the GGC community. All institutional data should be used with appropriate and relevant levels of access and with sufficient assurance of its security and integrity in compliance with existing laws, rules, and regulations. This policy applies to all employees and students in the GGC community, as defined below.

III. Definitions

Confidential data: Institutional data for which there is a legal obligation not to disclose.

Data managers: Operational managers within a functional area overseeing the data for a particular subject area.

Data stewards: Senior level officials who have planning and policy responsibilities for data in their functional areas.

Data trustees: GGC chief officers who have overall responsibility for all the data sets maintained by the units reporting to them.

Data owner: As the chief executive officer, the president is identified as the data owner.

Data users: GGC employees or students who have been granted authorization by the data managers to access institutional data.

Employee: Full-time or part-time worker at GGC, whether directly employed, contracted, sub-contracted, work-study, or volunteer. (Note that this definition applies to data management policies only, and does not affect other operational definitions in use at GGC.)

Institutional data: Any data element that originates or is in the custody and control of GGC, excluding personal notes and records or data whose primary purpose is scholarly, such as syllabi, course notes, and the products of research or creative scholarly work unless such work meets the criteria for College ownership (full or partial) as defined in 6.3 Intellectual Properties . Examples of institutional data include, but are not limited to:

  1. Elements supporting financial management
  2. Payroll
  3. Student educational records
  4. Student financial data
  5. Medical data
  6. Employee personnel records
  7. Intellectual property
  8. Intellectual research property
  9. Capital equipment inventory
  10. Donor data
  11. Alumni data

Internal data: Institutional data that are available freely within institution but are not available to the public unless required by law. This is the default categorization for institutional data.

Protected Health Information (“PHI”): Individually identifiable health information that is maintained or transmitted in any form or medium. Protected health information excludes individually identifiable health information in education records covered by the Family Educational Right and Privacy Act (“FERPA”)

Scholarly data: Data elements, both quantitative and qualitative, developed for the purpose of classroom instruction, classroom management, research, or creative endeavors. Some products of such work may be owned in part or in whole by the College, as determined by APM 6.3 Intellectual Properties.

Sensitive data: Institutional data that are not legally protected, but should not be made public and should only be disclosed under limited circumstances.

Student: Any individual who is or has been enrolled in classes at Georgia Gwinnett College at any time and/or about whom GGC maintains records. (Note that this definition applies to data management policies only, and does not affect other operational definitions in use at GGC.)

Unrestricted data: Institutional data that have no access restrictions and are available to the general public

IV. Roles and Responsibilities
  1. Data user: Authorization is granted for a specific level of access, as defined by the data management policies, solely for the conduct of institutional business. Data users may have technical access to data, or they may have rights to use data that they need assistance to access. Responsibilities include:
    1. Following the policies and procedures established by the data stewards for responsible use of GGC data.
    2. Using institutional data only as required to conduct GGC business.
    3. Ensuring the security and privacy of data by viewing and storing data, and the information derived from data, under secure conditions.
    4. Ensuring accuracy and timeliness of the data they enter or update.
    5. Collecting, preparing, entering or maintaining data for the authorized unit(s), if authorized by the data manager.
  2. Data manager: Data managers are identified by a data steward and given specific responsibilities and accountability. Data managers have day-to-day responsibility for managing administrative processes and establishing business rules for the transactional systems. They have operational responsibility for the data management activities related to the collection, maintenance, protection, and dissemination of data in their functional areas. The data manager may authorize operational tasks to be performed by data users outside the units that report to the data manager. The data managers are accountable for the data subsets they manage, whether the data are collected or maintained directly by the data manager (or their staff), by data users in other units or by external sources. Responsibilities include:
    1. Reviewing and approving requests for access by other GGC users, as defined by campus data policy.
    2. Determining the type of access given to GGC users.
    3. Assuring compliance with federal, state, and campus regulations regarding the release of, responsible use of, and access to, data.
    4. Training GGC users in relevant regulations and proper understanding of data.
    5. Providing data definitions for each data element within the domain of their operational unit(s).
    6. Communicating any data definition or database changes to the appropriate data administrator.
    7. Ensuring the accuracy, privacy and integrity of the data they manage.
    8. Assisting in the design of data warehouse structures that contain data from their subject areas.
  3. Data steward:   Data stewards, or their designees, are responsible for recommending policies, and establishing procedures and guidelines concerning the accuracy, privacy, security, and integrity of the data subsets for which they are responsible. Individually, data stewards act as advisors to the data trustees and have management responsibilities for data administration issues in their functional areas. They have overall responsibility for the data in the subsets overseen by all their designated data managers. These responsibilities include:
    1. Interpreting and implementing federal, state, and GGC policies and guidelines.
    2. Ensuring data quality and data definition standards are met.
    3. Identifying the privacy level (unrestricted, internal, sensitive, or confidential) for the data subsets.
    4. Establishing authorization procedures to facilitate appropriate data access as defined by campus data policy and ensuring security for that data.
    5. Resolving issues related to stewardship of data elements that cross multiple units or divisions. For example, Social Security number may have more than one data steward since it is collected or used in multiple systems, such as financial, human resources, and student systems.
    6. Developing standard definitions for data elements, including those that cross multiple units or divisions. For example, there should either be a single definition of “full-time employee” or new data elements should be created for each unique definition.
  4. Data trustee: Individually the data trustees are accountable for all the data sets within their division. The Vice President for Information Technology/CIO has the additional responsibility for ensuring an adequate and appropriate technical infrastructure is in place to support the data needs of the institution across all divisions. Data trustees are responsible for ensuring that campus institutional data resources are used in ways consistent with the mission of the GGC. The data trustees have the responsibility for the appointment and accountability of data stewards.
  5. Data owner: As the chief executive officer, the president is identified as the data owner. The data owner has ultimate responsibility for submission of organizational data to the USO. Data owners have the responsibility for the identification, appointment and accountability of data trustees. Data owners will inform the Data Governance Committee of their data trustee appointments.
V. Data Classification
  1. All GGC institutional data is categorized into four main classifications. Information may be considered institutional data if it satisfies one or more of the following criteria:
    1. Data used for planning, managing, reporting, or auditing a major administrative function
    2. Data referenced or used by an organizational unit to conduct institutional business
    3. Data included in an official institutional administrative report
    4. Data used to derive an element that meets any of the criteria above
    5. Data generated under contractual arrangements (grants, etc.) that specifically designate data as belonging to the institution
  2. Unrestricted Data: These data will be designated as unrestricted or public data. The following are examples of unrestricted data:
    1. Information on the public website
    2. College fact books
  3. Internal Data: The following are examples of internal data:
    1. National Survey of Student Engagement (NSSE) report comparisons
    2. Composite course evaluation reports
    3. Selected internal survey data
    4. Selected directory information
  4. Sensitive Data: Users must be granted specific authorization to access since the data’s unauthorized disclosure, alteration, or destruction could cause perceivable damage to the institution. The following are examples of sensitive data elements:
    1. Any non-confidential information identifiable to an individual (including students, staff, faculty, trustees, donors, and alumni) including but not limited to dates of birth, driver’s license numbers, employee and student id numbers, license plate numbers, and compensation information.
    2. The University’s proprietary information including but not limited to intellectual research findings, intellectual property, financial data, and donor and funding sources.
  5. Confidential Data: These data elements require the highest levels of restriction due to the risk of harm that will result from disclosure or inappropriate use. The following are examples of confidential data elements:
    1. Data not releasable under the Georgia Open Records Act or the Georgia Open Meetings Act
    2. All regulated data
    3. Social Security and credit card numbers
    4. Data protected under the Family Educational Rights and Privacy Act of 1974 (FERPA)
    5. Data protected under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
    6. Protected Health Information (PHI)
    7. Data protected under the Gramm-Leach-Bliley Act (GLBA)
  6. By default, all institutional data will be designated as internal data for use within GGC or  external data as reported to the USG Board of Regents (“BOR”), and to state, federal, or other external agencies, unless the appropriate data steward assigns the data elements  to one of the three other categories: unrestricted, sensitive, or confidential. Such assignment may be made for special  circumstances or on a case-by-case basis.
VI. Data Management
  1. College employees will have access to institutional data for use in the conduct of GGC business within the scope of their positions. The permission to view or query institutional data should be granted to data users for legitimate institutional purposes, as defined by job requirements and direct manager.
  2. All GGC employees and students are responsible for understanding their roles as data users, data managers, data stewards, or data trustees and for understanding the classification of any data they use in the normal execution of job duties.
  3. All GGC employees and students are responsible for observing all applicable laws, data classification restrictions, security procedures, and appropriate precautions with data.
  4. GGC employees must complete training in data security and management . Data users, data managers, data stewards and data trustees are not required to make explicit requests for the data to which they have access in the course of day-to-day execution of their job duties. However, any employee who has an identified need for data beyond his/her day-to-day duties or for a special purpose analysis must make a request following the GGC data request process.
  5. An inventory of known data systems at GGC and their data trustees and stewards is maintained by Information Technology, as required by the University System of Georgia. Employees seeking information on these systems should contact IT for information.
VII. Compliance
  1. Compliance with the provisions of this policy is mandatory. Non-compliance poses a significant risk to the security of GGC data and to the privacy and security of individuals about whom the College maintains data.
  2. Accessing or making use of institutional data for personal interests or purposes constitutes a violation of this policy. Release of institutional data, at any level of classification, without authorization, constitutes a violation of this policy.
  3. Any employee found to have violated this policy through unauthorized access, use, disclosure, alteration or destruction of data will be subject to disciplinary procedures up to and including termination of employment.
VIII. Related Regulations, Statutes, Policies, and Procedures
Family Educational Rights and Privacy Act of 1974 (FERPA)
Health Insurance Portability and Accountability Act of 1996
Gramm-Leach-Bliley Act
BOR Business Procedures Manual 12.3 Data Management

 

 

Student Education Records Management Policy

Policy Number: 10.9
Effective Date: February 20, 2023
Revision History: May 26, 2016
Policy Contact: Vice President for Enrollment Management and Institutional Research/Chief Enrollment Managment Officer

I. Purpose and Policy Statement

Georgia Gwinnett College (“GGC”) complies with the Family Educational Rights and Privacy Act of 1974 (“FERPA”), Health Insurance Portability and Accountability Act (“HIPAA”), Gramm-Leach-Bliley Act (“GLBA”) as well as other applicable privacy laws and policies. GGC limits access to student education records by applying the principle of least privilege to sensitive and restricted student education records. GGC protects the confidentiality, integrity, and availability of student education records by complying with requirements and recommendations documented in the University System of Georgia (“USG”) IT Handbook and Business Procedures Manual as well as other industry standards and best practices. GGC follows the University System of Georgia (“USG”) retention and disposition schedules for Student Records.

FERPA protects the privacy of student education records and gives eligible students the right to inspect and review their education records as well as the right to request correction of their records. FERPA applies to all schools that receive funds under an applicable program of the U.S. Department of Education. GGC publishes its annual FERPA notification on its website; this notification includes FERPA-related procedures for students.

In accordance with FERPA, the College permits disclosure without consent pursuant to the requirements of the law, including if the disclosure of information is to school officials with a legitimate educational interest, such as a person volunteering for or employed by the College in an administrative, supervisory, academic, research, or support staff position including law enforcement personnel; a person or company with whom the College has contracted such as an attorney, auditor, or collection agent; a person serving on the Board of Regents or GGC Foundation’s Board of Trustees; staff in the office of the Board of Regents or in the Office of the Georgia Attorney General; or a student serving on an official committee such as a disciplinary committee, or assisting another school official in performing his or her tasks. A school official has a legitimate educational interest if the official needs to review an educational record in order to fulfill his or her professional responsibility.

This policy will be reviewed annually.

II. Scope  

This policy applies to all Student Records as defined by USG and GGC.

III. Definitions

Directory Information: Georgia Gwinnett College (“GGC”) designates student’s name, major field of study, dates of attendance, and degrees conferred as directory information that may be disclosed without consent of the student. For GGC, this is the only information which could be considered “Directory Information” for FERPA or other purposes, including but not limited to external record requests.

Student Records: Include all documents in the Student Records series defined by the University System of Georgia (“USG”) in the USG records retention schedule. GGC reserves the right to designate additional records as student records based on business needs.

Eligible Student: When a student turns 18 years old, or enters a postsecondary institution at any age, the rights under FERPA transfer from the parents to the student.

IV. Roles and Responsibilities
  1. GGC Enrollment Management Services (“EMS”) oversees the management of student education records and related procedures. EMS reviews procedures on an annual basis. A breach of procedures will trigger notification of the Registrar and an immediate review of procedures.
  2. GGC Information Technology (“IT”) and EMS collaborate to comply with policy and employ industry standards and best practices to ensure the security of physical and digital student records that are classified as sensitive or restricted.
  3. All faculty and staff complete FERPA training annually; some employees receive additional role-based training.
  4. All community members are responsible for complying with policies, standards, and procedures.
V. Compliance

Individuals found to be in violation of this policy may be subject to disciplinary or legal action.

VI. Related Regulations, Statues, Policies, and Procedures

Family Educational Rights and Privacy Act of 1974 (FERPA)
GGC FERPA Web Page
GGC Privacy Notice
USG IT Handbook
USG Business Procedures Manual
Health Insurance Portability and Accountability Act
Gramm-Leach-Bliley Act
EU General Data Protection Regulation
APM 10.8 Data Management and Classification   
APM 11.1 Information Technology Compliance  
APM 11.50 Information Technology Institutional Policies and Standards  
APM 11.3 Information Security Policy  
APM 11.50.1.1 Acceptable Use of Information Technology Resources Policy
Recording Class Sessions
Privacy Procedure for Online/Distance Education Students

 

 

 

 

Open Records

Policy Number: 10.60
Effective Date: February 20, 2023
Revision History: February 3, 2020; August 4, 2016
Policy Contact: General Counsel and Chief Legal Affairs Officer

I. Purpose and Policy Statement

The purpose of this policy is to provide authority for responding to records requests made of the College by any person/entity.

II. Scope

The policy applies to Georgia Gwinnett College (“College”) and the College Foundation (“Foundation”).  This policy applies to every person who is employed or otherwise under the authority of the College and/or Foundation as well as all persons/entities making any records requests of the College.

III. Definitions

Public record: All documents, papers, letters, maps, books, tapes, photographs, computer-based or generated information, data, data fields, or similar material prepared and maintained or received by the College or by a private person or entity in the performance of a service or function for or on behalf of the College or when such documents have been transferred to a private person or entity by the College for storage or future governmental use.

IV. Roles and Responsibilities

Office of Legal Affairs:  Receives and responds to all records requests made to the College pursuant to the laws of the State of Georgia. Any person within the Office of Legal Affairs may be responsible for responding to any and/or all such requests. The Office of Legal Affairs will establish appropriate process for implementing this policy.

V. Compliance

The only office permitted to respond to records requests on behalf of the College is the Office of Legal Affairs. The Foundation is responsible for replying to records requests relevant to its office as directed by the Office of Legal Affairs.

All records requests related to the College received by any person affiliated with the College will be referred to either the Office of Legal Affairs or the web-based link for “Records Requests” set out at the bottom of every GGC web page.

VI. Related Regulations, Statutes, Policies, and Procedures

Georgia Open Records Act