Sensitive Information Privacy Statement

HACC (Harrisburg Area Community College) is responsible for the information it collects, stores, and transmits. Some of the personal and sensitive information collected is regulated through federal and state laws. This information has specific requirements which protect its access, transmission, and consumption. The Family Education Rights and Privacy Act (FERPA) and Gramm-Leach-Bliley Act (GLBA) are two such federal laws which govern access and reporting of the sensitive personal information HACC collects and stores.

In accordance with HACC’s Acceptable Use of Technology Policy, all of HACC’s employees have a responsibility to protect personal information about our students and employees from public disclosure. This includes information stored on network drives, cloud drives (such as Google Drive), displayed on computer screens, printouts, flash drives, other writeable media, etc. Information that is classified as “sensitive” must be protected and cannot be disclosed or disseminated to the public and should not be stored on cloud drives. Much of the information about our students’ engagements with the College is considered sensitive personal information.

Examples of sensitive personal information include, but are not limited to:

• Social Security Number (including just the last 4 digits), Passport number or Citizen Visa Code
• Driver's License number or State Identification number
• Credit Card Number
• Financial Account Information (Bank and Financial Aid)
• Student Grades
• Student Courses Taken
• Student Test Scores
• Student Schedule
• Student Advising Records
• Student Disciplinary Actions
• Student Educational Services Consumed

Personal information can become sensitive personal information when it is combined with other personal information resulting in it being traced back to a specific individual; such as date and place of birth, mother’s maiden name, etc.

Information Safeguards
All employees and users of HACC technology and data resources are responsible for their role in protecting the College’s information assets because the computers provided or used to access student information provide gateways to sensitive personal information which is stored within HACC technology resources. Therefore, all employees must take the following steps to mitigate risks to HACC’s data assets.

General Guidelines for Protecting Sensitive Information 

• Verify that the requestor has authorization to view or receive sensitive personal information.
• Identify information as “Sensitive” on printouts and electronic media.
• Any external email correspondence (sent to addresses other than @hacc.edu or @hawkmail.hacc.edu) containing social security numbers, credit card information, bank account information or other such sensitive personal information must be encrypted prior to transmission.
• Do not leave paper documents containing sensitive information unattended; protect them from the view of passers-by or office visitors.
• Store paper documents containing sensitive information in locked file cabinets, locked room, etc.
• Shred confidential paper documents that are no longer needed and secure such documents until shredding occurs.
• Immediately retrieve or secure sensitive documents printed on copy machines, fax machines, and printers.
• Do not store sensitive information on laptops, internal hard drives, or any non-HACC owned computer device.

Information We Collect:
Harrisburg Area Community College (HACC) obtains personal information in three ways:

• Information you provide directly to the college through registration or through an application for admission or employment.
• Information the college gathers through transcripts from other schools or referrals.
• Information is automatically gathered when you access our website or mobile application. Our systems automatically recognize the domain and Internet Protocol (IP) address from which you accessed our website, and we record related information that helps us make our website more accessible. Related information may include (but is not limited to) IP address, version of your operating system and web browser, your internet service provider, referring pages, time spent on each page of the Site and clickstream data that records your use of the Site.

How We Use Your Information
“Personal Information” the college receives may be used only for legitimate academic purposes as authorized by the appropriate data stewards.

We may collect, store, and use anonymous information for various purposes, including Site research, administration of the Site, tracking users’ movements around the Site, measuring Site activity, and developing strategies for improving the Site. This information does not result in the identification of your personal e-mail address or any other personal information. Personally identifiable information about enrolled students is protected by the Family Educational Rights and Privacy Act, also known as FERPA, and administered by the U.S. Department of Education.

Cookies and Tracking Technologies
Our website, analytics software, and selected third-party online advertising networks store fragments of information, called cookies, in your web browser. Cookies are small pieces of data that a web server sends to the user’s web browser. The College uses these cookies to measure the performance of our advertising and website's content, functionality, or services. Most of the web browsers are set to accept cookies. If you do not want this information to be collected, you may choose to remove or reject browser cookies. To do so, please follow this instruction from this site: https://allaboutcookies.org/how-to-manage-cookies.   

Data Security
We take the security of your data seriously. We have implemented and enforced administrative, technical, and physical safeguards to protect your personal data from unauthorized access, disclosure, alteration, and destruction. While we strive to use industry-acceptable means to protect your personal data, we cannot guarantee its absolute security. No method of transmission over the internet or method of electronic storage can be 100% secure. Although we employ several combined protective strategies (also known as defense-in-depth), we cannot guarantee the security of your data. In the event of a data breach, we will notify affected individuals in accordance with applicable laws and regulations.

Disclosure of Information
HACC may share your personal information with companies that provide services to HACC so that we can provide services to you and responsibly manage College operations. We strive to minimize the information provided to our service providers and to obtain appropriate agreements regarding their handling of personal information. We may also share personal information as necessary to comply with applicable laws and regulations, to detect and prevent fraud, to protect the security of our information, and to protect the rights and safety of others.

Your Rights
You may have the right to view, amend, or request that HACC delete personal information. For details, see the privacy statements related to the types of information we collect above. Requests to view, amend or delete personal information may be made by sending an email to (proper email address). We may require additional information to verify your identity prior to processing your request.

Changes to this Privacy Statement
Any changes or amendments to this policy will be updated on this page. Advances in technology, legal developments, and new policies and practices may necessitate changes in or updates to this privacy statement. We reserve the right to change this policy without notice. It is the user's responsibility to check this page for changes to this policy.

Contact Us
HACC is committed to providing you with an experience in which you may securely and confidently transact business. If you have any comments or questions about this privacy policy, please email webmaster@hacc.edu.
 

Effective Date: Feb. 8, 2024