Code of Responsibility for Security and Confidentiality of Records and Files

A person who has access to administrative records may not:

  • Reveal the content of any record or report to anyone, except in the conduct of his or her work assignments and in accordance with University policies and procedures.
  • Release information on an individual whose records are marked confidential.
  • Release any information to third parties, unless it is an official part of your job.
  • Make or allow any unauthorized use of information.
  • Knowingly include false, inaccurate or misleading entry in any report or record.
  • Knowingly expunge a data record or a data entry from any record, report or file without authorization.
  • Share or post individual passwords.
  • Seek personal benefit or allow others to benefit personally from the knowledge of any confidential information they have acquired through work assignments.
  • Remove any official record or report, or copy of any official report, from the office where it is maintained, except in the performance of official duties.
  • Update data that has been downloaded from the central databases. (All updates must be processed through the central applications - re-download the updated central data.)
  • Make downloaded data available to those that the custodians have not authorized access.
  • Present downloaded data or reports as official data or statistics. (Official statistics and data must come from the Primary Custodians - see below.)

Other rules

  • Individuals who are given access to records and systems must agree to abide by the guidelines outlined in this document and by Western’s “Acceptable Use Policy”, Western’s Administrative Procedures (Appendix H, WWU Catalog), code of Ethics for Faculty (Appendix G, Catalog), Student Records Policy (Appendix E, Catalog, and WAC 516-26), and Student Rights and Responsibilities (Appendix C, Catalog, and WAC 516-21).
  • Any knowledge of a violation of this code must be reported immediately to the violator’s supervisor. Violations may lead to disciplinary action, including dismissal. Violations can also lead to action under the State of Washington statutes pertaining to theft, alteration of public records, or other applicable sections.

Access to the Banner system is granted only to authorized individuals who agree to abide by the above Code of Responsibility for Security and Confidentiality of Records and Files.

Custodians of data are defined as persons or offices that are originators of records or who have been assigned responsibility for the protection of those records. Custodians of data are responsible for monitoring access to and security of the information they provide to others, just as they are responsible for deciding which individuals and which offices will be given access to their information. Custodians of downloaded and LAN information must accept all attendant security responsibility. Individuals are responsible for data that they pass on to others in their offices - faculty, staff, or students.

Primary Custodians. Any questions about this policy should be directed to the appropriate primary custodian listed below:


Finance Accounting Director
Human Resources Director of Human Resources
Student records system Registrar
Student admissions records Director of Admissions
Student financial aid records Director of Student Financial Resources
Student account records Manager of Student Fiscal Services
Student housing records Director of University Residences
Student health records Assistant Vice President for Student Affairs
Alumni records Director of Alumni Affairs
Other Director of Administrative Computing Services


Please read the Security & Data Management WWU Best Practices & Policies here.

Page Updated 06.26.2013