Data Security at Bates
Bates believes data security is the responsibility of every member of the campus community. Every employee and student of the College is bound by ethics as well as FERPA, HIPAA, CALEA, and state regulations (including, among others, Maine Statutes Title 10 Chapter 210-B, Massachusetts Statute 201 17.00, & California Senate Bills 1 & 1386) to exercise proper stewardship of data.
In order to protect College data and constituents, minimize institutional exposure, and maximize practice of stewardship, Bates relies on user education and systems. Our systems minimize what users are asked to do proactively and community norms help people realize that their responsibility is concrete, rather than abstract. This approach is based on the research that reveals that the more complex the requirements, the lower the effectiveness.
Bates expects all employees to take advantage of the following education opportunities, where applicable
- Banner (ERP): offered monthly for all new employees
- Argos (data extraction and reporting tool): regularly scheduled classes for all Argos users
- Data Security Awareness Program: required of all faculty and staff
Bates expects all employees and students to do the following
- Be aware of your responsibilities and exposures.
- Use the tools provided by the College.
- Do not share your Bates credentials with anyone. Ever.
- Do not reuse your Bates credentials with other services.
Bates expects all employees who deal with PII to take particular care and be mindful that unathorized disclosure is considered a data breach that must be reported under a variety of state laws. Bates employees should be very careful in storing information on unencrypted Bates-owned devices and should not download documents with PII to non-Bates devices.
In Maine, PII includes the person’s first name or first initial and last name in combination with social security and driver’s license numbers; bank account, credit card, or debit card numbers if they can be used to access the account without additional access codes; account passwords, PINs or other access codes; or any combination of the above that could be used with a person’s first name or first initial and last name to fraudulently assume or attempt to assume a person’s identity without the person’s knowledge.
Bates expects all employees and students to understand and abide by the following policies
- Computer Use Policy
- Intellectual Property
- Access to Computing and Electronic Information Resources
- Fair Access to Network Resources
- Peer-to-Peer File Sharing Advisory
- Confidential Data (policy under development)
- Encryption for Personally Identifiable Information (process & policy under development)
- FERPA is the Family Educational Rights and Privacy Act
- HIPAA is the Health Insurance Portability and Accountability Act Privacy Rule
- CALEA is the Communications Assistance for Law Enforcement Act
- Personally Identifiable Information is data used for the express purpose of distinguishing individual identity.