Purpose: Data maintained by Normandale Community College is subject to applicable employee and student data practices laws, including the Minnesota Government Data Practices Act and the federal Family Educational Rights and Privacy Act. Users are responsible for handling government data to which they have access or control in accordance with applicable data practices laws.

1. Data.  Data refers to any information maintained on an individual.
2. Data Privacy Compliance Officer (DPCO).  Data Privacy Compliance Officer refers to the Chief Human Resources Officer, who is responsible for compliance with employee data practices regulations, and the College Registrar, who is responsible for compliance with student data practices regulations.

Responsibility for data privacy.  Under the guidance of the DPCOs, all employees are responsible for maintaining the confidentiality and security of employee and student records in accordance with applicable law.

Record retention schedule.  Each administrative area that collects and maintains data shall implement a record retention schedule that complies with applicable laws and industry best practices.

Access to private data.  Access to private data shall be restricted to those with legitimate interest, as defined by law.  The DPCO, in consultation with the Office of General Counsel, shall respond to third party requests for private data.