Report non-security-related violations (such as receipt of inappropriate content, other Human Resource policy violations, general college policy violations, or regulatory compliance violations) to a supervisor, HR.
Report information security and general technical policy violations to the ITS Service Desk at 503-594-3500, submit a service desk ticket , or contact the CIO.
CCC handles a large amount of sensitive information on a daily basis, including student and patient data regulated under federal law.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the Health Information Technology for Economic and Clinical Health Act (HITECH), enacted as part of the American Recovery and Reinvestment Act of 2009, require strong safeguards for the protection of Patient Health Information (PHI) by covered entities such as CCC.
The Financial Modernization Act of 1999, also known as The Gramm-Leach-Bliley Act (GLBA) mandates similar safeguards for the financial information in the possession of financial institutions, including higher ed institutions obtaining student information from federal agencies, such as for Financial Aid processing.
The Department of Education, in two “Dear Colleague” letters, has emphasized that all Higher Ed institutions accepting financial aid funding are required under their Program Participation Agreements and under their Student Aid Internet Gateway Agreements to safeguard all student Personally Identifiable Information in compliance with GLBA, FERPA and all other applicable state and federal privacy regulations.
In addition, in order to be allowed to accept payment from our customers in the form of credit card transactions, CCC must pass regular audits to satisfy the Payment Card Industry Data Security Standards (PCI-DSS).
Responsible executive
Chief Information Officer
Last revision date
07-26-2023 srw