Statement of Responsibility

For the Security and Confidentiality of Data and Data Networks

General Responsibilities

Security and confidentiality of all data is a matter of concern for all members of the Luther community who have access to records and files, paper and computerized, and the data infrastructure and networks owned by Luther College.

Each person working with institutional data holds a position of trust and must recognize the responsibility of preserving the security and confidentiality of the information and the systems and networks it uses. All members of the Luther community with authorized access to institutional information or data networks are expected at all times:

  • to keep personal passwords private; passwords are not to be written down or shared with others;
  • to use Google 2-Step Verification;
  • to use Multi-Factor Authentication (MFA);
  • to sign off or lock your workstation when leaving the immediate work area for an extended period of time;
  • to assume responsibility and be held accountable for all data modifications made using their user ID and password;
  • not to make or permit unauthorized use of any information in the files or databases;
  • not to permit or provide access to Luther College data infrastructure or networks by any unauthorized individuals;
  • not to seek personal benefit or permit others to benefit personally by any confidential information which has come to them through their work assignment;
  • not to exhibit or divulge the contents of any record or report to any person except in the conduct of their regular work assignment;
  • not to use any official record or report (or copy of same) for purposes other than college business;
  • not to operate or request another to operate any Luther College computer equipment for purely personal business;
  • not to aid, abet, or act in conspiracy with any person to violate any part of this Statement of Responsibility;
  • to report any violation of this Statement of Responsibility code to one's supervisor immediately.

Violation of the provisions contained in this Statement of Responsibility will lead to corrective action consistent with the general disciplinary policies of the college.

Responsibilities Regarding Student Information

FERPA and Student Information

Each person is responsible for knowing the special considerations relative to student information and the Family Educational Rights and Privacy Act (FERPA). It is important that each individual with access to student data understands the reasons for the existence of the Family Education Rights and Privacy Act (FERPA), the consequences of non-compliance, and the procedure involved in order to respond to inquiries about students records.

FERPA is a federal law that guarantees students:

  • the basic right to have access to all their education records;
  • the assurance that their records are protected from access;
  • the right to challenge their records believed to be inaccurate, misleading, or otherwise in violation of the student's privacy.

Any institution that has programs that are federally funded (such as Pell Grant and GSL) must comply with this law or be subject to loss of those funds. In addition, individuals with access to student data who do not comply with this law are subject to college personnel and disciplinary policies and/or accountability in a court of law.

The following guidelines will provide some assistance in complying with FERPA.

Students must be allowed access to:

  • all types of education records directly related to that student (copies of records may be provided with or without charge).

Procedures for student access are:

  • electronic authorization or presentation by the student of an ID (telephone requests should not be honored) or receipt of a signed and dated request from the student.

Students must not be allowed access to:

  • education records (such as print-outs of class lists) that contain information on more than one student (the student may review only the specific information about themselves);
  • financial records of the student's parents;
  • confidential letters of recommendation, for which the student has signed a waiver.

Circumstances that allow third-party access to confidential educational records (all third-party requests should be referred to the Registrars Office):

  • to college employees who are in the process of carrying out their specifically assigned educational or administrative responsibilities; whether the need to know is a legitimate educational interest must be determined by the employee's office/department administrator or manager;
  • to parents of a dependent student, as defined by the Internal Revenue Code;
  • to representatives of the Department of Defense, limited to directory-type information;
  • in connection with financial aid;
  • to federal or state educational authorities;
  • to accrediting organizations;
  • in compliance with a lawfully issued subpoena;
  • in connection with a health or safety emergency.

Note: Education records disclosed in the above circumstances must include the condition that further disclosure to a third party not be made without the prior consent of the student.

Access to student directory information

Luther College employees may release directory information without written permission of the student; however, students have the right to restrict access to directory information. For students who have made such a request with the Student Life Office, the specific restrictions that are requested may be identified on that students record in Colleague. If an employee encounters one of these records, they will receive a message on the screen notifying which data has been restricted. If a student has requested that access to directory information be restricted, they should refer all requests for information about that student to the Student Life Office.

Directory information is defined as:

  • name
  • local and permanent mailing address
  • campus residence hall
  • home telephone number
  • campus telephone number
  • email address
  • dates of attendance
  • year in school
  • major(s) and minor(s)
  • awards, honors
  • degree(s) conferred
  • past and present participation in officially recognized activities and sports
  • physical characteristics (height/weight) of athletes
  • date and place of birth
  • photographs and other visual images*

*Luther College records visual images during many campus events and daily activities, such as convocations, concerts, classes, athletic events, and other public events on and off campus. These images are regularly used and published as part of Luther's coverage of campus life for a variety of audiences, including but not limited to - the Luther Magazine, the Luther official website, and admissions materials.

Responsibilities Regarding Other Constituencies Information

Alumni Records

Alumni records are for official college and Luther College Alumni Association use, and also for individual communication of a personal nature between alumni. Use of this information for any other purpose, including, but not limited to, reproducing and storing in a retrieval system by any means, electronic or mechanical, and photocopying or using the addresses or other information for any private, commercial, or political mailing is strictly prohibited and constitutes misappropriation of college property.

Employee Records

Employee information is for official college use only. Communication of employee information to another member of the Luther community will be limited to name, title, campus location, campus telephone, campus email address, home address, home telephone, spouse name, and children's names. The use of this information and any other employee information/records for any other purpose, including, but not limited to, reproducing and storing in a retrieval system by any means, electronic or mechanical, and photocopying or using the addresses or other information for any private, commercial, or political mailing is strictly prohibited and constitutes misappropriation of college property. Personal information listed in the Faculty/Staff Directory must have the employee's written authorization.

  • All other requests for employee information from Luther employees not included in the items above should be referred to the Office of Human Resources.
  • All third-party requests should be referred to the Office of Human Resources. Information will only be given upon receiving written authorization, which includes an employee signature authorizing release of such information.
  • Employee information released without written authorization from the employee will be limited to requests from state or federal authorities in compliance with a lawfully issued subpoena or in connection with a health or safety emergency.

Responsibilities Regarding Access to Data Infrastructure and Networks

Luther College, as part of a continuing commitment to faculty, students, and staff, provides certain telecommunications and computing equipment as well as access services. These facilities include telephony infrastructure, centralized servers for email, www, administrative applications, academic applications, and data; a fiber-based campus network backbone as well as associated network hardware and software which distribute network resources to academic, administrative, and residential buildings; desktop resources such as computers, printers, and software; as well as access to campus and global information resources. These resources are to be used for education, research, and administrative purposes related to the mission of the College, and consistent with appropriate codes of College conduct. It is expected that users of campus information technology resources will respect the priority of these purposes.

As a member of the Luther community you are encouraged to use these resources. By using these resources, you agree to abide by all policies and procedures of the College. Luther College expects ethical and responsible behavior. You are expected to conduct yourself as is appropriate for any good citizen and you will not participate in any illegal activity, any for-profit commercial activity, or anything else that will negatively impact other users of Luther College information technology resources.

Use of these resources is governed by and is subject to all applicable college policies. For student governance, see the Student Handbook for details of the Luther Prescribed Conduct, specifically sections 6.3 Obstruction of Activities and/or Causing a Disturbance; 6.7 Vandalism; and 6.9 Use of College Owned Equipment or Facilities for Unlawful Purposes. Also in the Handbook under the heading Offenses Which Exploit Others, see specifically sections on Sexual Harassment, and Discriminatory or Harassing Conduct.

For details on faculty or staff governance, see the respective handbook or other authorities that describe the Luther Code as it applies to faculty and staff.

Failure to comply with any of these or other applicable policies will result in sanctions as outlined in those policies and denial of access to these information technology resources.