Scanners in administrative offices

From Help Wiki

Maintaining the confidentiality and privacy of the data provided to the college by students, employees and the public is extremely critical as a value and in practice. All of data collected by administrative offices and processes of the college are protected by various college, state and federal policies, laws and contracts. To help the college comply with all of these, the acquisition and use of scanning equipment is reviewed and approved by the AVP of Computing and Communications or their designee.

Requirements for the acquisition and use of a scanner:

  • Complete and submit a New Technology Request form.
  • Complete an IT Risk Assessment for Scanners.
  • Scanners are only allowed to scan to hard drives - to the computer, locally attached and encrypted or to a college share drive on the network. You should always save college documents in your area's secure share drive. Share drives are backed up and secure.
  • Scanning to email or removable storage (via Bluetooth, Wi-Fi, USB or other cable attachment to an external drive or thumb drive, etc.) IS NOT PERMITTED.
  • Devices purchased by college offices will have "scan to email" and "Wi-Fi hotspot" capabilities disabled, as well as an other features that could put the college's data at risk.
  • Scanned documents and their digital copies must be managed in accordance with the college's data retention schedules and are subject to public records requests. We recommend that you check with the college's Public Records Officers to determine if the digital copy can be kept in place of the digital copy.

Questions to be answered on the EIT Risk Assessment include:

  1. Describe the data being scanned.
  2. Does the data include any personally identifiable data, confidential data, or FERPA data?
  3. Where will the data be stored?
  4. Who will have access to the data?
  5. How will access to the data be secured?
  6. Describe your data archival and record retention plan.