Protecting student data is very important and is a federal mandate under FERPA. The Family Education Right to Privacy Act of 1974 (FERPA) is a federal mandate designed to protect the privacy of students’ records. It includes academic records, financial aid records, attendance records and any other personally identifiable information collected by the college that, if shared, could violate the privacy rights of students and former students. Following are best practices when working remote:
Keep Hartnell devices with you or at your working location secured. If you are in a public location, do not leave them unattended. It is not recommended to leave laptops in cars as they can become a target for theft.
Lock your home screen when you leave your workspace. This is good practice in general, but especially important when working with sensitive student information.
When accessing student information, take care that others cannot see your screen.
Do not plug thumb drives, external drives, or charge your phone using your Hartnell device.
Scams around Covid19 have increased recently. These attacks often disguise themselves as a real company or person. It is advisable to take extra precautions:
- Avoid clicking links in unsolicited email and do not open email attachments from senders you do not recognize.
- Never give out personal financial information through email.
- Use legitimate websites as sources of information regarding COVID-19.
Keep work data, including any data from Colleague, in your Virtual Machine. Avoid downloading and keeping district data outside of your virtual, or on any personal computer.
Do not email high-risk or confidential data. Save confidential data into the Hartnell R drives. Student communication to @student.hartnell.edu email addresses is FERPA compliant.
When using a personal device, if the device is to be used by other persons (such as your family members), a separate password protected profile should be set-up for the employee, which cannot be accessed by other individuals.
Never share Hartnell password(s) with anyone, including family members.
Avoid using public WiFi if possible. A password protected home network is preferred.
Do not ever share SSNs or any other highly sensitive information over conference calls or virtual meetings.
Be aware of your screen sharing, audio, and video settings at all times. Never share a screen with confidential student data on it unless in specific circumstances. Colleague screens specifically should never be shared through screen sharing except special circumstances (A one on one counseling session with a student that has identified themselves, for example)
Be aware of attendees in zoom meetings. “Zoom bombing” (link to news article: https://www.insidehighered.com/news/2020/03/26/zoombombers-disrupt-online-classes-racist-pornographic-content) is a new form of disruption where meeting attendees post or share inappropriate content during the meeting. If Zoom links are public, anyone with internet access can join the meeting, and if users are sharing confidential information with a student, that third party can see and overhear that information. IT recommends keeping zoom links private though approved channels (Canvas, Hartnell Gmail, etc), and keeping an eye on meeting attendees.