Eastern Illinois University maintains strict confidentiality and security of records in compliance with the Family Educational Rights and Privacy Act of 1974 (FERPA), the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA), in addition to other federal and state laws. These laws pertain to the security and privacy of all records that contain information that identifies or could lead to the identification of a student or that could reveal private information concerning an employee or customer.
Employees are authorized access to such private information as a condition of employment to the extent necessary to perform their duties. As an employee/volunteer/student/third-party administrator of the university, you are required to protect against unauthorized access to such information, ensure the security and privacy of such information, and disclose any anticipated threats or hazards to such information. You must be very careful not to release this information to the public or to other individuals, including but not limited to university employees who have not been authorized or who do not have a legitimate institutional or business need to know. Any questions regarding release of such information to another person should be directed to your supervisor or their designee.
Eastern Illinois University defines unauthorized access to be:
- Access to student, employee or university information not necessary to carry out your job responsibilities.
- Non-business or non-institutional access to the records of a student or employee. This includes your children as protected under FERPA, spouse, parents and other relatives as well as friends and acquaintances.
- Release of student or employee information to unauthorized internal or external users.
- Release of additional or excessive student or employee information to an authorized individual/agency than is essential to meeting the stated purpose of an approved request.
Information may not be divulged, copied, released, sold, loaned, reviewed, altered or destroyed except as properly authorized by the appropriate university official within the scope of applicable federal or state laws, including record retention schedules and corresponding Internal Governing Policies.
As an employee of Eastern Illinois University, you must abide by the rules, regulations, policies and procedures of EIU as well as federal and state laws applicable to your position at the university. EIU may at any time revoke employee/volunteer/student/third-party access, other authorization or other access to confidential information. Additionally, failure to comply with any of the acts, rules, regulations, EIU policies and corresponding procedures may result in disciplinary action, including termination of employment. Criminal or civil penalties may also be imposed, depending upon the nature and severity of the breach of confidentiality.