Section VI - Employment Matters
VI B 17
Employee Conduct - Destruction of Personal Information
To state the College's destruction of personal information policy
According to North Carolina’s “Identity Theft Protection Act”, any business that conducts business in North Carolina and any business that maintains or otherwise possesses personal information of a resident of North Carolina must take reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal. Personal information is defined as a person’s first name or first initial and last name in combination with the following identifying information:
- Social security or employer taxpayer identification numbers.
- Driver’s license, State identification card, or passport numbers.
- Checking account numbers.
- Savings account numbers.
- Debit card numbers.
- Personal Identification Number (PIN).
- Electronic identification numbers, electronic mail names or addresses, Internet Account numbers, or internet identification names.
- Digital signatures.
- Any other numbers or information that can be used to access a person’s financial resources.
- Biometric data.
- Fingerprints.
- Passwords.
- Parent’s legal surname prior to marriage.
The responsibility for managing the Policy is delegated to the Director of Human Resources. The Director of Human Resources shall be responsible for auditing the purpose of, content of and compliance with the Policy and for interpreting any portions of the Policy as they may apply to specific situations.
The Policy Administrator shall be responsible for providing employees with written copies of the most current version of the Policy and circulating reminders to employees regarding compliance with the Policy on at least an annual basis, or more frequently if deemed necessary by the Policy Administrator. Employees shall abide and comply with the terms of the Policy, and all questions regarding the Policy and its application shall be submitted to the Policy Administrator for review and guidance. Employees should promptly report any possible violations or deviations from the Policy to the Policy Administrator.
When paper records containing personal information are disposed of, they must be shredded so that the information cannot be reconstructed. When electronic information containing personal information is disposed of, it must be destroyed or erased so that the information cannot be read or reconstructed, simply deleting the files is not sufficient.
The Federal Trade Commission (FTC) promulgated Red Flag Rules requiring any financial institution and creditor that holds any type of consumer account or other account for which a potential risk of identity theft exists to create and implement a written Identity Theft Prevention Program. Randolph Community College adopted an Identity Theft Prevention Program to enact reasonable policies and procedures to protect students and college employees from damages associated with compromise of sensitive personal information. The Identity Theft Prevention Program may be accessed at www.randolph.edu under Randolph College Employee Publications.
Adopted: 07/17/2008
Revised: 07/16/2009