8.4 Electronic Information Management and Storage

Policy TrackingDate
ApprovedMay 13, 2024
RevisedMay 13, 2024
ReviewedMay 13, 2024

  1. Data Storage and Processing: College owned data classified as sensitive or confidential may only be stored, transmitted to, or processed on explicitly designated equipment or data services that are owned by and under the control of the College. The list of systems designed for sensitive or confidential information is available on the College Intranet, The Insider. No College owned sensitive or confidential data may be stored on an employee’s personal equipment or within any third party service not controlled by the College. All data stored on College owned equipment including server, desktop, laptop or tablet computers, data storage devices (diskettes, USB memory devices, DVD’s, etc.) or residing within an affiliated online service are the sole property of the College. Such ownership of data, however, shall not be inconsistent with the College’s Intellectual Property policies.
  2. Data backup: It is the responsibility of the IT Department to maintain an adequate backup of data stored on administrative systems, servers, and network work group and home folders for business continuity and disaster recovery purposes. It is the responsibility of each employee and their supervisor to ensure their work data is stored in the proper location to ensure the security and availability of the work data.
  3. Data Ownership: The sole data owner of all College data is the College President. Custodianship of College data has been designated by the data owner as follows:
    • Vice President for Student Services: Student Administrative Records including but not limited to transcripts, records of disciplinary action, emergency contact information, admissions and pre-admissions related documents and information.
    • Chief Academic Officer: Curriculum Student Academic Records including but not limited to course materials, grades and academic achievement and progress reports.
    • Vice President for Economic and Workforce Development/Continuing Education: Economic and Workforce Development/Continuing Education Student Records including but not limited to course materials, grades, academic achievement and progress reports.
    • Chief Financial Officer: Financial and payment processing records including but not limited to College financial transaction records, financial statements, credit card payment information, and related financial accounting data.
    • Vice President for General Administration: Human Resource and College Operations records including employee payroll, disability, medical and related records
  4. Information Classification: All data Owned by the College shall be considered classified into one of the following categories based on the nature of the data and in accordance with North Carolina General Statute Chapter 132 – ‘Public Records’.

    Sensitive or Confidential: Data should be classified as Sensitive or Confidential when the unauthorized disclosure, alteration or destruction of that data could cause a significant level of risk to the College or its affiliates. Examples of Restricted data include data protected by state or federal privacy regulations and data protected by confidentiality agreements. The highest level of security controls should be applied to Sensitive or Confidential data.

    Public: Data should be classified as Public when the unauthorized disclosure, alteration or destruction of that data would results in little or no risk to the University and its affiliates. Examples of Public data include press releases, course information, research publications and directory information. While little or no controls are required to protect the confidentiality of Public data, some level of control is required to prevent unauthorized modification or destruction of Public data.

Blue Ridge Community College Policies and Procedures Manual