Admissions DATA USE Policies

All staff and student employees working with the Graduate School with access to confidential admissions data must familiarize themselves with the following policies pertaining to safe use and protection of sensitive data at Georgetown University prior to using any systems containing student information, student records, sensitive and/or confidential administrative records or documentation, or other similar records, information systems, and materials

• University Technology and Information Security Policies, found at http://security.georgetown.edu/technology-policies
• Graduate School of Arts & Sciences Acceptable Use Policy (located below):

Graduate School of Arts & Sciences Acceptable Use Policy

Prospective Student Information - Graduate Programs

The Graduate School of Arts and Sciences follows policies established by University Information Systems (UIS) with regard to access to, acceptable use of, and security of information provided by prospective students and applicants. In addition to the UIS Acceptable Use and Information Security Policies, the Graduate School has outlined some basic principles and best practices information to guide your use of the prospect and applicant systems.

University policies govern the use of systems used for admissions purposes, including but not limited to: the Banner Admissions and Student System Modules, the COGNOS Reporting System, the former PeopleSoft Student Admissions System, the Hobsons-EMT (ApplyYourself) Systems, and connector systems such as BDMS/Extender imaging and Luminis portal systems. All users who have been granted access to the data in these systems, and who have the authority to review and print information from these systems for specific admissions purposes, are responsible for protecting the security and integrity of that information.

Basic Confidentiality Principles

Access to information provided by prospects and applicants is limited to those employees of GU who have appropriate professional cause to make use of the data. The fact that an individual is an employee of the University does not in and of itself entitle that individual to have access to these or to any other records. The only justification for access to data is a “need to know” based on the proper pursuit of professional duties.

All information provided by prospects and applicants is to be treated as confidential. If there is ever any doubt about whether particular information is confidential, it should be treated in a confidential manner.

Ownership of Data

The Office of the Dean of the Graduate School is the responsible owner of all data relating to the recruiting, application, and admission of all students to all Graduate School programs. Consequently and appropriately, the staff of the Office of the Dean will have access to all data pertaining to graduate programs. The Office of the Dean will designate access to these data to other appropriate staff. The Office of the Dean will advise on all issues of confidentiality of and access to data and will determine the appropriate use of data should such questions arise. The decisions of the Dean of the Graduate School or the Dean’s designee regarding confidentiality, access, and appropriate use are authoritative and binding.

Any questions or concerns regarding use of data should be brought to the attention of the Associate Dean for Graduate Admissions for resolution. The Associate Dean, as the Dean’s designee, will be the sole source of authority for all security decisions pertaining to graduate records, and only the Associate Dean may authorize access to any such data.

Data entered or maintained by various graduate departments will be fully accessible to the Graduate School. The data maintained by the Graduate School may be made available to the departments at the discretion of the Graduate School.

Shared Access and Responsibility

Shared access to the data systems by many graduate programs requires all parties to exercise special responsibility and accountability when accessing prospect and applicant records. Many of GU’s graduate programs have complex structures, especially those that permit multiple or joint enrollment with other programs. As a result of these complex structures, and due to varying interests on the part of prospective students, multiple departments are often required to have access to the same prospect and applicant records. Access to these records should be limited to those with a professional need to know as indicated by the program information submitted by the prospective student, or as designated by the Office of the Dean.

Remote (off-campus) access to admissions systems is available, but should be used with the highest concern for discretion and security.

Authorized Users

Users of any admissions systems, who have been approved by the designated department / program admissions representative, will be assigned an ID and a password granting access privileges appropriate to their specific professional roles. Passwords and IDs must not be shared. Rather, new staff must be assigned new IDs and passwords appropriate to their specified roles, while currently-authorized users whose access has been increased must have their privileges adjusted accordingly. All designated users are expected to familiarize themselves with UIS security and acceptable use policies regarding passwords and IDs. Logging out of the systems after use will help ensure that no one will gain unauthorized access. Users who leave the University should be reported to designated systems managers so that their access privileges can be terminated.

Intended Use of the Systems

Admissions systems are designed to provide a central repository where prospective student information may be collected and reviewed by authorized users. These systems incorporate security measures that provide the highest level of protection for the confidential information they contain. But, information that is removed from these systems loses that protection, and must therefore be protected by other means from all unauthorized access, in accord with UIS policies on the distribution and transmission of information. Information that has been printed, distributed via email, or copied to laptop computers or portable drive devices is particularly vulnerable. Confidential information must be appropriately protected from unauthorized interception at all times.

Best Practices Tips and Recommendations

• Always exercise discretion and use best judgment when considering the best way to protect information resources.
• Always log out of any GU data system you may be using when leaving a stationary computer, laptop, or remote access device.
• Limit distribution of confidential information to authorized users and abide by UIS security policies for disseminating and protecting information.
• Limit both printouts and electronic copies of confidential information, or establish procedures to keep information in such formats protected.
• Properly dispose of confidential data reports when no longer required for review purposes.
• Return all original files and documents to the appropriate Grad Office for record maintenance at the earliest possible date.
• Confidential information is protected at the highest level when it is stored in and accessed from GU systems. Removing information from these systems decreases its security and threatens the principle of limiting access to confidential information, which principle you are responsible for upholding.
• Identify department and program users who no longer need access to the system, so their IDs and access privileges can be terminated.
• Familiarize yourself with the Acceptable Use and Information Security Policies posted by UIS on their website at:

https://security.georgetown.edu/faculty-and-staff