1C.5 Employee Data Integrity Policy
Part 1 Purpose:
Ensure that the quality of the data produced is the highest quality and that staff are aware of the legal responsibilities a public body has for such high standards.
Part 2 Policy:
The following guidelines must be followed by all Central Lakes College (CLC) program offices and CLC employees to ensure the integrity of information maintained and disseminated by CLC.
CLC information quality guidelines define “Integrity” as the security of information—protection of the information from unauthorized access or revision, to ensure that the information is not compromised through corruption or falsification.
Confidential nature of CLC records
Data collected or maintained by CLC under a pledge of confidentiality shall be treated in a manner that will assure that individually identifiable data will be used only for statistical purposes and will be accessible only to authorized persons.
Authorized persons include only those individuals who are responsible for collecting, processing, or using the data in furtherance of statistical purposes or for the other stated purposes for which the data were collected. Authorized persons are authorized access to only those data that are integral to the program on which they work, and only to the extent required to perform their duties.
When non-CLC employees are granted access to confidential CLC data or Privacy Act data, they must be notified of their responsibility for taking specific actions to protect the data from unauthorized disclosure. The vehicle for providing this notification is the written contract or other agreement that authorizes them to receive the data. Accordingly, if a commercial contract, cooperative agreement, inter-agency agreement, letter of agreement, memorandum of understanding, or other agreement provides a non-CLC employee access to CLC confidential data or Privacy Act data, it must contain appropriate provisions to safeguard the data from unauthorized disclosure. The authorization document will state the purpose for which the data will be used and that all persons with access to the data will follow MinnState, State of Minnesota, and Federal Data Privacy Laws. These provisions are required whether the data are accessed on or off PCLC premises. They also are required when access to the data may be incidental to the work conducted under the contract or other agreement (such as in systems development projects, survey mail-out processing, etc.).
The integrity of CLC data collection process requires that all survey information be sound and complete. Data must be obtained from the appropriate college official or respondent and the data entries must accurately report the data and responses they provided. The administrative aspects of the data collection process, such as work time reported and travel voucher entries, must be factually reported. Therefore, employees must not deliberately misrepresent the source of the data, the method of data collection, the data received from respondents, or entries on administrative reporting forms.
Part 3 Procedure:
Department managers are responsible for implementing procedural and physical safeguards to protect confidential information from disclosure or misuse within their offices, including:
- Where appropriate and necessary, preparing written procedures for the handling and disposal of confidential data. Ensuring that all employees within their organizations are familiar with and understand these procedures.
- Ensuring that new employees are informed about the different types of confidential data maintained in their work areas and the special precautions that are to be taken with their use, storage, and disposal.
- Developing data collection instruments and collection methodology.
- Ensuring that commercial contracts, cooperative and inter-agency agreements, letters of agreement, and affidavits, which give non-CLC employees access to confidential data, contain the proper confidentiality- and security-related clauses.
Part 4 Responsibilities:
All CLC employees are responsible for following the rules of conduct in the handling of personal information contained in the records covered under the Privacy Act of 1974.
Dissemination of news and data releases
Public information documents require manager-level approval. CLC offices also are required to consult the College President before instituting an automated process to disseminate news releases or other products to the public.
CLC and MinnState have established appropriate computer security measures to safeguard CLC’s data processing environment against destruction or corruption of data or systems, unauthorized disclosure of data, and loss of service. These security measures are part of an overall management control process that includes information technology (IT) security. The CLC Chief Information Officer is assigned overall responsibility for directing the application of such controls.
Part 5 Dissemination:
This policy will be included in grant staff hiring packet. Standard dissemination also applies.
Date of policy creation: May, 2013
Author: Kari Christiansen
Date of Implementation: July 1, 2013