5.1.6.p.4. Procedure: Southeastern Technical College Distance Education Student Privacy
PURPOSE Southeastern Technical College (STC) shall verify the identity of students enrolled in distance education courses and ensure that all methods used to verify identity protect students' privacy. APPLICABILITY AND NOTIFICATION This procedure applies to students enrolled in distance education courses at Southeastern Technical College. Students are informed of this protection via STC's Website, the Online Course Orientation Manual, the Getting Started section of Blackboard located in online courses, and the New Student Orientation Part A. ENFORCEMENT According to the Technical College System of Georgia (TCSG) and Industry Standards, STC develops policies and guidelines to meet all security requirements. Information Technology (IT) systems have built in processes to enforce as many of these policies and guidelines as possible. It is the responsibility of system users to understand and follow all policies and guidelines. If anyone is found in violation of any of these polices and guidelines, they are processed according to our current disciplinary action procedures. DEFINITIONS Distance learning: a formal educational process in which the majority of the instruction (interaction between students and instructors and among students) in a course occurs when students and instructors are not in the same physical location. Instruction may be synchronous or asynchronous. Distance learning instruction at Southeastern Technical College includes online and blended courses. OA Online Asynchronous - Course is taught fully online asynchronously with course content, activities and interactions occurring entirely online. This delivery method does not require students to be online at specific dates/times. A proctored event is required. OS Online Synchronous - Course is taught fully online synchronously with course content, activities and interactions occurring entirely online. This delivery method requires students to be online at specific dates/times during the term. Synchronous dates and times will be listed in the course schedule. A proctored event is required. Blended - Course is taught with the majority of the course content, activities and interactions occurring online (>50% but <100% online) but may require students to come on campus for specific labs, assignments, activities, or events. See the course schedule for the time and place of the class meetings. Blackboard: The Learning Management System utilized by the Technical College System of Georgia and Southeastern Technical College (STC) to offer distance education courses through a web-based platform. PROCEDURE Southeastern Technical College utilizes (1) secure logins/passwords and (2) proctored events to verify the identity of students enrolled in distance education courses. Additionally, all students enrolled at Southeastern Technical College, regardless of the mode of instructional delivery (on campus, online, blended), are protected by the Family Educational Rights and Privacy Act of 1974 (FERPA). Students are notified of their FERPA rights during orientation. Information about this act is published on STCs Website and in STC's Catalog and Handbook. To ensure that faculty and staff understand and carry out the commitments to confidentiality, integrity, and security of student academic records, Southeastern Technical College requires annual FERPA training. SECURE LOGINS/PASS CODES When students are enrolled in a course in Banner, they are automatically enrolled in Blackboard and a secure login is created. Students enrolled in distance education courses must use their secure login to access courses in Blackboard. The secure login information identifies students to the system on each course visit. Students use Blackboard to submit assignments, complete assessments, access course materials, and view grades. STC utilizes Multifactor Authentication (MFA) as an added layer of security used to verify an end user's identity when they sign in to an application which includes Blackboard. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber-attack. Students are instructed not to share their login credentials with anyone and to change passwords periodically to maintain security. From the time of the first student logon to Blackboard, STC faculty and staff do not have access to students' Blackboard passwords. Reliability, privacy, safety, and security for Blackboard courses are provided by the Georgia Virtual Technical Connection (GVTC). All courses are loaded onto a server that Blackboard maintains. GVTC is the contact for any server level administrative changes. Proctored Events In addition to using secure logins/passwords, Southeastern Technical College also requires that every online student complete a proctored event as a means of verifying identity. Students must present photo identification, such as a STC Student ID, drivers license, passport, etc. All Off-Campus Proctored Event Registration Forms and On-Campus Proctored Event Registration Forms must be completed in the presence of the proctor. Proctors are to check the information and signature against the identification presented to ensure that the student who is present for the proctored event is the correct student to be completing the event for the scheduled course. Completed proctored event registration forms and all proctored event materials are kept in a secure location by the instructor of the course. PROTECTING THE PRIVACY OF STUDENT DATA IN THE STUDENT INFORMATION SYSTEM Banner is the software front-end for the Oracle database housing student data. This data includes all student institutional history, as well as some biographical information. It is the shared responsibility of the Banner system administrator and all departments accessing student data in Banner to guard against it being compromised and the student's privacy violated. At the physical level, this data is transmitted in encrypted fashion to prevent electronic interception or manipulation. Further security is added by disallowing direct access to the Oracle database or its host server from outside the school network. Students in the Banner system are provided a web portal (BannerWeb) to access most of their own student information such as grades, awards, bills, etc. This information is protected at the physical level by encryption and at the user level by a user id and password combination login. A student's user ID is comprised of a non-associative, sequentially generated number and a complex password which must be at least 8 characters long and include at least 3 of the 4 following characteristics: 1. Upper Case Letter 2. Lower Case Letter 3. Numeric Character 4. Special Character It is the responsibility primarily of the student to guard their ID and password from disclosure. All information in Banner, including student identification numbers, is protected in compliance with the Family Educational Records and Privacy Act (FERPA) and is not shared. PROTECTING THE PRIVACY OF STUDENT EMAIL Student Email is a secure logon environment. The identity of all students is verified through the use of a secure and unique nine-digit student identification number. This identification number is utilized as part of the students username when accessing the student email. Additionally, STC utilizes Secure Sockets Layer (SSL) certificates to establish an encrypted link between the web server and the clients browser. This link ensures that all data passed between the web server and web browser remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of online transactions with users. Students are responsible for using their STC Student Email address when registering third party products. References Exhibit: Proctoring Instructions Exhibit: Proctored Event Registration Form (On-Campus) Exhibit: Proctored Event Registration Form (Off-Campus) Link: STC Proctoring Procedure Link: GVTC Privacy Statement Exhibit: Online Course Orientation Manual
Adopted: April 16, 2018 Reviewed: May 22, 2023; Revised: October 18, 2021; September 19, 2022; September 19, 2022;