This Policy and Procedure governs the security and confidentiality of personal information entrusted to the care of College of Charleston (“College”) to carry out its mission and to certain other sensitive information that is generated and owned by the College. This Policy and Procedure also establishes the principles and processes by which that information will be maintained and managed.
The South Carolina Family Privacy Protection Act provides, in relevant part:
§ 30-2-20. Privacy policies and procedures required of all state entities.
All state agencies, boards, commissions, institutions, departments, and other state entities, by whatever name known, must develop privacy policies and procedures to ensure that the collection of personal information pertaining to citizens of the State is limited to such personal information required by any such agency, board, commission, institution, department, or other state entity and necessary to fulfill a legitimate public purpose.
Implementation and adherence to this Policy and Procedure are necessary to comply with the cited statute and to provide for the protection of sensitive information that is maintained or owned by the College.
The specific purposes of this Policy and Procedure are:
- To establish a College-wide approach to information security.
- To prescribe mechanisms that help identify and prevent the compromise of information security and the misuse of data, applications, networks and computer systems.
- To define mechanisms to protect the reputation of the College and allow the College to satisfy its legal and ethical responsibilities to others.
- To prescribe an effective mechanism for responding to external complaints and queries about real or perceived non-compliance with this Policy and Procedure.
- To further reduce the risk of exposure and identity theft when a Social Security Number or other personal identifying information is used by the College as a primary identifier and to provide for the consistent, proper and secure management of such information.
This Policy and Procedure is applicable to all members of the College Community including our faculty, staff, students, visitors and contractors who have access to College records regardless of the medium in which those records are stored or where they are located.