Code of Responsibility for Security and
of Records and Files
A person who has access to administrative records may not:
- Reveal the content of any record or report to anyone, except in the
conduct of his or her work assignments and in accordance with University
policies and procedures.
- Release information on an individual whose records are marked
- Release any information to third parties, unless it is an official part
of your job.
- Make or allow any unauthorized use of information.
- Knowingly include false, inaccurate or misleading entry in any report or
- Knowingly expunge a data record or a data entry from any record, report
or file without authorization.
- Share or post individual passwords.
- Seek personal benefit or allow others to benefit personally from the
knowledge of any confidential information they have acquired through work
- Remove any official record or report, or copy of any official report,
from the office where it is maintained, except in the performance of
- Update data that has been downloaded from the central databases. (All
updates must be processed through the central applications - re-download the
updated central data.)
- Make downloaded data available to those that the custodians have not
- Present downloaded data or reports as official data or statistics.
(Official statistics and data must come from the Primary Custodians - see
Access to the Banner system is granted only to authorized individuals who agree
to abide by the above Code of Responsibility for Security and Confidentiality of
Records and Files.
- Individuals who are given access to records and systems must agree to
abide by the guidelines outlined in this document and by Western’s
“Acceptable Use Policy”, Western’s Administrative Procedures (Appendix H,
WWU Catalog), code of Ethics for Faculty (Appendix G, Catalog), Student
Records Policy (Appendix E, Catalog, and WAC 516-26), and Student Rights and
Responsibilities (Appendix C, Catalog, and WAC 516-21).
- Any knowledge of a violation of this code must be reported immediately
to the violator’s supervisor. Violations may lead to disciplinary action,
including dismissal. Violations can also lead to action under the State of
Washington statutes pertaining to theft, alteration of public records, or
other applicable sections.
Custodians of data are defined as persons or offices that
are originators of records or who have been assigned responsibility for the
protection of those records. Custodians of data are responsible for monitoring
access to and security of the information they provide to others, just as they
are responsible for deciding which individuals and which offices will be given
access to their information. Custodians of downloaded and LAN information must
accept all attendant security responsibility. Individuals are responsible for
data that they pass on to others in their offices - faculty, staff, or students.
Primary Custodians. Any questions about this policy should be directed to the
appropriate primary custodian listed below:
Director of Human Resources
Student records system
Student admissions records
Director of Admissions
Student financial aid records
Director of Student Financial Resources
Student account records
Manager of Student Fiscal Services
Student housing records
Director of University Residences
Student health records
Assistant Vice President for Student Affairs
Director of Alumni Affairs
Director of Administrative Computing Services
Please read the Security & Data Management WWU Best Practices &