Policy 1C.1 - Data Practices and Retention
Part 1: Records Retention
Per Minnesota Statute Chapter 13, Lake Superior College (LSC) will ensure accurate and secure records collection, storage, and disposal. It is the College’s commitment to protect the confidentiality and ensure proper storage of data in accordance with Family Educational Rights and Privacy Act (FERPA), the Minnesota Data Practices Act (MGDPA), Minnesota Management and Budget (MMB) requirements, Minnesota Historical Society approval, and other applicable laws.
Part 2: Definitions
Subpart A: Data Practices Compliance Official. Per MN Stat. Section 13.05, LSC’s President designates the Vice President of Academic & Student Affairs to be the College’s Data Practices Compliance Official. This individual receives and responds to data practice inquiries and concerns, to include any problems in obtaining access to data in LSC’s possession.
Subpart B: Directory Information. Per MN Stat. Section 13.03 and FERPA 34 CFR § 99.3, directory information refers to information contained in a student’s education record that would not generally, if disclosed, be considered harmful or an invasion.
Subpart C: Educational Record. A record directly related to a student and maintained by LSC.
Subpart D: Health Insurance Portability and Accountability Act (HIPAA). HIPAA is the federal law that established standards on privacy and security of health information, as well as standards for electronic data interchange of health information.
Subpart E: Private Data. Individually identifiable data about students and applicants in any tangible form – wherever located – is private data. All student data not characterized as directory information is considered the student’s private data.
Subpart F: Public Data. All government data collected, created, received, maintained, or disseminated by a government entity shall be public unless classified by statute, or temporary classification pursuant to MN Stat. Section 13.06, or federal law, as nonpublic or protected nonpublic, or with respect to data on individuals, as private or confidential.
Subpart G: Responsible Individual. An LSC employee charged with maintenance, management, and security of data on particular persons, or in some instances; a person or company with whom the College has contracted, a person serving on the Minnesota State Board of Trustees, or in the Office of Chancellor, or a person assisting another school official in performing his or her tasks. Only individuals with legitimate educational or personnel interest will have access to data on students or employees.
Subpart H: Student. An individual who is currently enrolled at LSC. For the purposes of this policy, those seeking enrollment (applicants) and former students (alumni) are included in this definition. All students have the same educational data rights, irrespective of age.
Part 3: Inquiries and Requests for Information
Per LSC Policy 2.0, notice of FERPA policy will be provided to enrolled students at least annually by email. Alternative formats or translations may be accessed through the Office of the Vice President of Academic and Student Affairs.
For further questions concerning your rights, please consult one of the following responsible individuals:
Data Practices Compliance Officer: Vice President of Academic & Student Affairs
Employee Data Privacy Designee: Director of Human Resources
Student Data Privacy Designee: Registrar
Data Security / Breach Designee: Director of Information Technology
Subpart A: Law Enforcement Investigations
Under the MGDPA, a Tennessen warning shall not apply if an employee is asked to supply investigative data pursuant to MN Stat. Section 13.82 subdivision 7, to a law enforcement officer.
Subpart B: Student Data Emergency Exception
Under FERPA regulation 34 CFR § 99.3.6, LSC can share student records in connection with an emergency, if necessary to protect the health and safety of the student or other individuals. The emergency exception must be recorded in the student’s records.
Subpart C: HIPAA
Health records possessed by LSC, as part of a student’s record, are educational data subject to FERPA. Student health records are not subject to the HIPAA Privacy Rule unless the records are maintained by a covered component or operation as defined by HIPAA regulations. Health records maintained by admissions, the student health center, Student Accessibility Services, and for academic purposes are not subject to the HIPAA Privacy Rule
Community clinics operated by the College are subject to the HIPAA Privacy Rule and maintain privacy practice procedures accordingly.
Part 4: Records Retention Schedule
The College maintains processes, identifies responsible authorities, and keeps retention schedules to ensure the integrity, preservation, destruction, and archiving of information in accordance with MMB schedules, FERPA requirements, the Minnesota Historical Society, and other applicable laws.
Part 5: Restrictions on Record Destruction
All records, created, and maintained by the College, excluding forms of intellectual property, are government data subject to the MGDPA. Government data is not the personal property of employees. Such data is subject to applicable laws, institutional policy, and procedures.
History
Date Implemented: May 2006
Date Updated: March 3, 2017
Related Policies/Procedures
Chapter 1: General
- 1A.1 - Organization and Administration
- 1A.10 - Institutional Surveys
- 1A.11 - Lake Superior College Hours
- 1B.1 - Equal Opportunity and Nondiscrimination in Employment and Education
- 1B.3 - Sexual Violence
- 1B.4 - Access for Individuals with Disabilities
- 1B.5 - Institutional Equity
- 1C.1 - Data Practices and Retention
- 1C.2 - Fraudulent or Other Dishonest Acts
- 1C.3 - Employee Code of Conduct