Data Security Procedure Policy
Approved by Executive Council on May 8, 2007
|Policy Number||Policy Owner|
Statement of Policy
The Office of Institutional Advancement acquires information about SUNY Plattsburgh constituents - alumni, students, parents, corporations, foundations and friends - that may be confidential and/or highly sensitive. Institutional Advancement staff, staff in other areas, faculty and volunteers, who are authorized recipients of confidential and/or sensitive information are responsible for protecting the privacy of our constituents and for assisting Institutional Advancement in maintaining a database of constituent information.
The Institutional Advancement database exists for the purpose of promoting the College, building and sustaining relationships and securing charitable support from alumni, students, parents, corporations, foundations and friends. Using or sharing information, mailing lists and/or biographic information for private, commercial or political purposes, for the purpose of creating an independent database or for a purpose other than that which is approved by Institutional Advancement is strictly prohibited and will be considered a misappropriation of College property.
All persons with authorized access to constituent information are responsible for compliance with the following Data Security Procedures.
Data Security Procedures
- Copies of all documents containing constituent information, including but not limited to: gift agreements, endowment agreements, memorandums of agreement, phonathon cards, pledge forms, credit card information, giving reports, mailing lists, donor profiles, financial statements, contact reports, contact reminders, customized database reports, and private correspondence must be destroyed immediately after use for intended purpose. Original documents must be returned to Institutional Advancement files as soon as practical.
- Constituent information will always be secure; not available on a desktop or otherwise accessible or in the open when the user is away from their office or the information.
- Shared file cabinets containing constituent files will be locked at the end of the day or when a minimum of one staff person is not in the immediate vicinity of the files.
- Offices will be locked at the end of the day or when a staff person is away for an extended period of time during the day.
- Constituent information stored on computer hard drives will be removed from the hard drive as soon as possible after use for intended purpose.
- Because laptops are targets for theft and may contain confidential and/or sensitive information, laptop users assume the responsibility of making prudent choices about protecting the laptop and the information contained therein from theft.
- Where possible, confidential and/or sensitive data should not be stored on laptops that leave campus. If a laptop contains sensitive data, extra steps to prevent the loss of the data in the event of theft should be taken. These steps include data encryption and/or password protection of such items or where possible, the removal of fields which contain highly sensitive information.
- Extra precaution will be taken in regard to combining elements of biographical database information that could compromise the security of a constituent's identity.
- Requests for information from College representatives and volunteers with a demonstrated need will be considered on a case-by-case basis.
- Database information requests will be directed as follows:
- Requests for constituent/database information for the purpose of fundraising will be referred to the Director of Advancement Services who will review requests with the Vice President for Institutional Advancement.
- Requests for constituent/database information for all other purposes, including but not limited to surveys, newsletters, invitations, etc. will be referred to the Director of Alumni Affairs, who will review requests with the Vice President for Institutional Advancement.
- The Director of Advancement Services and the Director of Alumni Affairs, respectively, will review and approve documents and/or email that will be sent out to constituents and should be on the distribution list that is distributed to the requestor of information so that s/he will be apprised of when and what documents/messages are sent to constituents.
- Subsequent updated address or biographical information received by those sending out messages to our database constituents should be shared with the Office of Institutional Advancement so that we may update our records.