POLICY FOR SAFEGUARDING STUDENT INFORMATION
NeeCee’s College is committed to implementing and maintaining a comprehensive information security program, to maintain and safeguard your non-public personal information against damage or loss. The policy covers all student records in whatever form (hard copy, electronic).
The school Director/administrator shall be responsible to coordinate the school’s information security program. The Director shall, at least once every 3 years, assess foreseeable internal and external risks to the security, confidentiality, and integrity of student information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of the information. The risk assessment shall cover every relevant area of school operations, including employee training & management, network & software design, information processing, storage, transmission and disposal, and ways to detect, prevent and respond to attacks, intrusions, or other system failures. The Director shall design and implement safeguards to control identified risks and shall monitor the effectiveness of them, recommending changes when warranted.
Records for prospective students who are not accepted or who do not enroll in the school will be held for 12 months then destroyed in a secure manner. Records of enrolled students shall be maintained in accordance with federal and state law and accreditation requirements. Students shall receive notice of this policy at the time they enroll.
NeeCee’s College shall only enter into servicing agreements with service providers who also maintain appropriate safeguards for customers’ non-public personal information.