Data Sharing Agreement:CommunityCollegeDistrict512 &OtherOutsideParties
DATASHARINGAGREEMENT
betweenHarperCollege and
[INSERTNAME]
This Data SharingAgreement is entered into byand between Harper Collegeand
establish the content, use, andprotection of dataneededby
to support the contractedservice,whethersuchdata isprovidedbyHarperCollege or collectedbyon behalf ofHarper College.
4.0PeriodofAgreement
Theperiod ofthis Agreementshall bein effect fromuntil, oruntilterminated in writingbyeitherorganization.
5.0Intended UseofData
Describe the intended use of data in this section.
1
6.0Constraints on UseofData
DatasuppliedbyHarperCollege to orcollected byon behalf ofHarper College’sstudents, prospective students, employees or alumni is the propertyofHarperCollege andshall not be shared with third partieswithout the writtenpermission of HarperCollege.
Customerdatashall not be sold or used, internallyor externally, for anypurposenotdirectlyrelated to thescopeof workdefined in this agreement without the writtenpermission of HarperCollege.
7.0DataSecurity
shall employindustrybest practices, both technicallyandprocedurally, to protectHarperCollege datafrom unauthorizedphysicalandelectronicaccess. Methodsemployedaresubject to annual review andapproval byHarperCollege.
7.1.1DataElements
Datashared withshall belimited to the dataelementsspecificallydefinedandauthorizedbyHarper College. If
wishes to collectadditionaldata,
must submit a request in writingto HarperCollege. Under no circumstances shall
collect anyinformation classified asSensitive orConfidential without the expresswrittenapprovalofHarperCollege,Data to be shared orcollectedshall belimited to the following elements:
Describe the data elements in this section
7.2DataCategories
Thefollowingdefinitions shall be used to classifydatafor securitypurposes:
Normal:Theleast restrictive class ofdata.Although it must be protectedfromunauthorized disclosureand/or modification, it is often public informationorgenerallyreleasable under College procedures forprocessingpublic recordsrequests.Examples of this class of dataare: class schedules, coursecatalogs,general ledger data, andemployee demographic statistics.
Sensitive: This classincludesdataforwhich specific protections arerequired bylawor forwhich agencies are obligated to preventidentitytheft or similar crimesor abuses. Examples of this class of dataare: peoples’ names in combination withanyof thefollowing:driver’s license numbers, birth date,employeeID number(EID),address,e-mailaddresses, telephone numbers. Also includedare: agencysource codeor object code, agencysecuritydata, educationrecordsincludingpapers,grades, andtest results, or informationidentifiable to an individual thatrelates to anyof thesetypes of information.
Confidential:This classincludes those dataelementsthatareeitherpasswordsinthe traditionalsenseorfunction in the role ofanaccesscontrol suchas a creditcard number, expirationdate,PIN,andcard securitycode. Access to these
1
elements aretightlycontrolledandaudited. Examples of these dataare: SocialSecurityNumbers(SSN),credit card numbers,expirationdates,PINs,andcardsecuritycodes,financialprofiles,bank routingnumbers, medical data, lawenforcementrecords.
7.3Data Handling Requirements
Data handlingrequirements mayvarydependingon the classificationofdatashared with . However, it is anticipated thatmost datashared with will involveamixof dataclasses includingSensitiveand possiblyConfidential information.Therefore, whenever data elements areaggregated forcollection, transmission, orstorage, the aggregate datashall be handled usingthe protocolsthat applytothemost sensitive dataelement.
5.1Personnel
5.2Accessto Data
shall limit access to SensitiveandConfidentialdata to those staffmemberswith a well-definedbusiness need.
5.3Security Training
shallprovideperiodictrainingforstaff on internal securitypoliciesand procedures, andon applicable state andfederallegal requirements forprotectingSensitiveandConfidentialdata.
5.2CriminalBackgroundChecks
shall certifythat all staffmemberswithaccess to confidential information havebeen subjected to abonefidecriminalbackgroundcheckandhave norecord of anyfelonyconvictions.Anyexceptions to this requirement must be approved in writingbyHarperCollege.
5.3Prohibition on Mobile Devices and RemovableMedia
shallhave awritten policyprohibitingthe transfer or storage of unencryptedcustomerinformation onemployee mobile devicesor removable storagemedia for anyreason.Thispolicyshall bemadeavailabletoeachemployee individuallyand shall bestrictlyenforced.
6.0Compliance with Applicable Laws andRegulations
shall complywith allapplicablefederallawsandregulationsprotectingthe privacyofcitizensincludingthe Family
1
EducationalRights and PrivacyAct(FERPA)andthe HealthInsurance PortabilityandAccountabilityAct(HIPAA). Whereapplicable,
shallalso complywithallprovisionsofthe FinancialServicesModernizationAct (the “Gramm-Leach-BlileyAct”).
8.0Indemnification
shalldefend, indemnify, release,andhold HarperCollege harmless from and against all Claims, Losses,and Expenses whenarisingout of or incidental to this Agreementregardless of the negligence orfault of theperson.
9.0Amendments andAlterations to thisAgreement
HarperCollege andmayamend thisAgreementbymutual consent, in writing,atanytime.
10.1Termination ofServices
In theevent Harper College or
terminates this Agreement,orceasesoperation,
shallreturn to HarperCollege alldatacollected in the courseofprovidingthe applicationservice.
shall certifyin writingwithin fivebusinessdays thatall copies ofthe data stored on
servers,backup servers, backupmedia, or othermediaincludingpaper copies have been permanentlyerased or destroyed.
1
Bythe signaturesoftheirdulyauthorized representative below,HarperCollege and [Name],intendingto be legallybound, agree toall of theprovisions of this Data SharingAgreement.
[ Name]Address:
By: Title:
Telephone:Email:
Signature:Date:
HarperCollege
1200 W. Algonquin Rd.Palatine, IL 60067
By: Title:
Telephone:Email:
Signature:Date:
1