How Can We Help?

Categories

Hourly Employees and Confidential Information

Created On
Last Updated On
byMatthew
Print
You are here:
< All Topics

The purpose of this policy is to clarify responsibilities and expectations in the supervision of hourly employees, particularly concerning the management of confidential or protected information.

This policy implements security principles from ACC’s mandatory institutional training on cyber security as well as other college policies, procedures, and expectations.

For the purpose of this policy statement, “hourly employee” refers to all types of hourly employees, including work-study and student interns, paid via a PA. Other categories of employees, whether full- or part-time, are not included in “hourly employees.” (E.g., an administrative assistant whose contract is half-time is not considered an hourly employee for the purpose of this policy.)

Hourly employees shall not have access to confidential or protected student or employee information or other potentially confidential or protected administrative/operational information.

  • Hourly employees shall not be assigned tasks that include access to personnel records that may contain confidential or protected information, such as contracts, evaluations, portfolios, etc. 
  • Hourly employees shall not be assigned instructional work that involves access to FERPA-protected information, including but not limited to grades, transcripts, advising information, etc.
    • Such instructional work includes but is not limited to proctoring exams, meeting classes for discussion or other instruction-related activities.
  • Hourly employees shall not be assigned tasks that involve access to administrative processes such as budgeting, procurement, staffing, schedule development/implementation, etc.
  • Hourly employees shall not be granted access, directly or indirectly, to ACC systems requiring authentication, such as eStaffing, Blackbboard, Ellucian/Colleague, eTime, eHire, FacultyEnlight, Lighthouse, etc.
  • This policy specifically precludes:
    • Approving/requesting authentication credentials for an hourly employee;
    • Providing hourly employees login and password information that belongs to a full-time employee;
    • Logging into a system that requires authentication to allow access by an hourly employee;
    • Allowing former full-time employees subsequently hired as hourly employees to retain authentication credentials or other forms of access to confidential or protected information.
  • Supervisors of hourly employees are responsible for ensuring that this policy is implemented and that hourly employees are familiar with this policy.
    • In our division, supervision of hourly employees is the responsibility of department chairs and the dean.
  • Exceptions 
    • Exceptions to this policy must be approved by the dean.
    • Types of exceptions:
      • Hourly employees may be delegated to a full-time employee of the college other than the department chair or dean.
      • Under certain circumstances, hourly employees may be approved for tasks involving confidential information.
      • Programs that create roles the nature of which involves access to specific confidential or protected information. Such programs must include appropriate confidentiality training prior to assuming the role.
    • Exceptions may be granted only in justified cases, and only after a security review and adequate cyber security/confidentiality training,
      • Approval of exceptions will extend no longer than one academic year.
      • A record of approval and documentation of security review and training will be recorded in the dean’s office.

Examples

Let me share a few examples, to help clarify this policy. 

Examples of practices that violate this policy (and college policy)

  • A professor supervising an hourly employee asks the employee to grade exams. (Note: Even tasks such as running scantron forms allows access to FERPA-protected information.)
  • An administrative assistant shares login/authentication credentials with an hourly employee so that employee can perform routine tasks in eStafffing or Lighthouse.
  • A professor supervising a student intern logs into Blackboard for the purpose of allowing the intern to grade quizzes and record grades for class work.
  • A department chair gives an hourly employee his or her “p-card” to purchase supplies for an event.
  • An hourly employee processes professors’ evaluation summaries, e.g., copying, filing, emailing to the dean’s office, etc.
  • A professor asks an hourly employee to meet his or her class when he or she is absent.

Examples of plausible exceptions

  • After approval and training, a department chair delegates supervisory responsibility of a work-study student to a professor for a specific project.
  • After approval and training, Department Chair of the Honors Program assigns Honors Ambassadors Student Interns to collect limited and relevant student contact information for recruitment purposes.
  • After approval and training, the ESOL department hires a Vietnamese speaker as an hourly employee to staff a Vietnamese “hot line” for prospective students,” in the course of which the hourly employee gathers limited and relevant student contact information.
    • Note: In the previous two examples, information gathered will not include, e.g., current number of credit hours, GPA, immigration/residency status, etc. Specific categories of student information would have been approved in advance of the assigned task.
  • A department has an approved peer tutor program that involves establishing hourly Student Instructors with TA-level access in Blackboard.

This policy is effective August 19, 2019.

Leave a Reply

Your email address will not be published. Required fields are marked *

Table of Contents