Procedure 7.05.01 - Private Data Security

Employee Vigilance

It is critical that the college protects the privacy of our customers whether they are students, patrons, vendors, or employees.  The essential element in maintaining the privacy of our customers’ information is vigilance on the part of those employees entrusted with that information. The employees’ vigilance can best be supported by continuous reminders to that effect. Southeastern will provide privacy guideline reminders periodically.

Data Encryption

Southeastern will also use appropriate technology to help assure that our customers’ information stays private. This technology will include such things as encrypting network data packets to assure that the information is unreadable if hijacked while in transit. The college will also utilize technology to encrypt data housed on mobile media such as laptop hard drives and USB Flash Drives.

All administrative laptops will have a fully encrypted hard drive that requires a boot password before loading the Windows environment. This will prevent the data, potentially our customers’ private information, from being accessed if the laptop is lost or stolen (not yet implemented). All administrative laptops will also have a unique username that must be entered prior to accessing the Windows environment. If the laptop is stolen or lost, the user must immediately report it to the IT Department.

All USB Flash Drives used for administrative purposes (such as student, employee, financial, and other confidential information) will be provided by the IT Department. The provided USB Flash Drives will include at least 256-bit AES password protected encryption that will be pre-set. A user with employee network access must request an encrypted USB Flash Drive through their vice president or president. The IT Department will provide the user with a fully encrypted USB Flash Drive and password when they receive the request from the vice president or president. The user is then responsible for the safe keeping of the encrypted USB Flash Drive.  If the encrypted USB Flash Drive is stolen or lost, the user must immediately report it to the IT Department. The user must return the encrypted USB Flash Drive to the IT Department when they no longer need it or as part of their checkout when leaving the college’s employment.

Email Encryption

Employees must exercise utmost caution when sending any email from the college’s email system to an outside network since that email will most likely be sent in clear text. For this reason, employees will not setup their college email to automatically forward to an outside email system. Furthermore, stakeholder private information will not be sent outside of the college’s email system unless it is critical to accomplish college business and all other mechanisms for sharing the information have been exhausted. If private information must be sent outside of the college’s email system, then it will be encrypted in a password protected document. The password will be shared with the recipient by some means (preferably not email) other than the email housing the encrypted document.

Reviewed and Updated on October 19, 2020