Primary Privacy Statement
What Information We Collect
Our networking equipment, like all networking equipment, may automatically collect and store information such as the IP address of your computer, the operating system, browser software used, access times, and pages visited. This data is used statistically and in aggregate to monitor network performance, network security and to help manage the network and improve service. The information automatically collected is used to improve the college’s network and to help administrators understand how users are interacting with websites.
The information collected on Enterprise State websites is not collected for commercial marketing purposes and the college is not authorized to sell, or otherwise disclose, the information collected for commercial marketing purposes.
Enterprise State Community College does not track individual visitor profiles but does reserve the right to use log data to diagnose problems with our server or networks, analyze resource management or investigate security concerns.
Some of our webpages may link to external websites not owned or controlled by the College. The College is not responsible for the privacy practices or the content of such websites.
Most pages on the escc.edu domain utilize a technology known as Google Analytics that allows us to gather general statistics regarding how our websites are used. For example, if we know what browser software and screen resolution our users are utilizing, we are better able to design web pages that suit our users. The statistics we generate are aggregate.
We do not track the usage patterns of individual users, in fact, we use Google Analytics anonymization to prevent Google’s ability to cross-reference your use on our site with data collected on other sites utilizing their services. Please visit the Google Analytics website for more information.
Enterprise State Community College policy does not allow the release of personally identifiable information to third parties (other than its agents when required for college business) without the permission of the person identified. The College may release or disclose personal information without consent if the disclosure is allowed or required by court order or by law.
Among the laws and regulations that mandate baseline privacy and information security controls, the most notable for Enterprise State include the following:
- Health Insurance Portability and Accountability Act (HIPAA) – Protective Health Information (PHI) may be used and disclosed for Treatment, Payment, and Healthcare Operations (TPO). The information that is disclosed must meet the “Minimum Necessary” standard. This means the least information required to accomplish the intended purpose.
- Family Educational Rights and Privacy Act (FERPA) – Protects the privacy of student education records and gives parents certain rights with respect to their children’s education records. Additional student privacy information, may be found on the Family Policy Compliance Office website by following this link: http://familypolicy.ed.gov/
- Payment Card Industry (PCI) Data Security Standards – A framework of standards and compliance requirements designed to protect consumer payment card data.
Enterprise State Community College supported information systems do not store credit card data. The college utilizes Touchnet to interface with the Banner ERP/SiS for payments. The data is scanned and transmitted real-time and no data is stored in any college information system.
Additional laws and regulations apply in the wake of unauthorized disclosure of individuals’ data, requiring ESCCIT to take specific actions if any protected data may have been disclosed either accidentally or maliciously to unauthorized parties. Individuals who handle protected data are encouraged to speak with their managers to better familiarize themselves with relevant laws and regulations.
Gramm-Leach-Bliley Act – The GLB Act, or GLBA, is also known as the Financial Modernization Act of 1999. It is a United States federal law that requires financial institutions to explain how they share and protect their customers’ private information. To be GLBA compliant, financial institutions must communicate to their customers how they share the customers’ sensitive data, inform customers of their right to opt-out if they prefer that their personal data not be shared with third parties, and apply specific protections to customers’ private data in accordance with a written information security plan created by the institution.
The primary data protection implications of the GLBA are outlined in its Safeguards Rule, with additional privacy and security requirements issued by the FTC’s Privacy of Consumer Financial Information Rule (Privacy Rule), created under the GLBA to drive implementation of GLBA requirements. The GLBA is enforced by the FTC, the federal banking agencies, and other federal regulatory authorities, as well as state insurance oversight agencies.
Other Data Collection
Visitors using online forms or applications on our web pages may choose to supply information voluntarily. Information collected via such web forms will be securely maintained and be used only for the purposes for which it was supplied. Pages collecting such information should be transparent about the information they are collecting as well as the purpose for the data collection.
Enterprise State Community College policy does not allow the release of personally identifiable information to third parties (other than its agents when required for college business) without the permission of the person identified, or as allowed or required by law. We do not sell the information we collect from individual visitors to our websites to third parties.
The College implements reasonable physical, technical, and administrative safeguards designed to prevent unauthorized access to or use of the information we collect online. While we strive to protect your information, we cannot guarantee or warrant the security of such electronic data. However, we will only use your information for the educational, research, or other purpose in furtherance of the College’s mission for which it was provided.
Your information will be retained or disposed of according to the College’s records management principles and polices.