Skip Ribbon Commands Skip to main content
Navigate Up
Help (new window)
Sign In
MSJC > College Information > Privacy Policy

Privacy Policy

  1. Purpose
  2. Mt. San Jacinto College (hereinafter "MSJC") respects the privacy of authorized users of electronic College resources and encourages Academic Freedom as documented in Board Policy 4030. This Policy clarifies the applicability of law and certain other MSJC policies related to privacy of stored electronic information, electronic communication, and electronic transmission. Users are reminded that all uses of the MSJC's information technology resources, including email, are subject to all relevant College policies and relevant state and federal laws, including federal copyright law.

    Appropriate use of College electronic resources includes instruction, research, service, and the official work of the offices, departments, recognized student and campus organizations, and other agencies of MSJC, and as described below, incidental personal usage by faculty, staff, other College employees, and students. Since resources are not unlimited, the College may give priority for resources to certain uses or certain groups of users in support of its mission. Consistent with the College's non-discrimination policy, the use of information resources shall not be denied or abridged on the basis of disability, gender, gender identity, gender expression, nationality, race or ethnicity, religion, sexual orientation, or any characteristic listed or defined in Section 11135 of the Government Code or any other characteristic that is contained in the prohibition of hate crimes set forth in subdivision (a) of Section 422.6 of the Penal Code. MSJC complies with the non-discrimination laws set forth at Education Code sections 72010-72014.

  3. Applicability
  4. This policy is applicable to all members of the MSJC community and visitors to the College, including but not limited to students, faculty, lecturers/instructors, supervisors, classified staff, third-party vendors, administrators, and others that have been authorized access to MSJC electronic resources.

  5. Definitions
    1. Disclosure: The intentional or non-intentional sharing of information protected under the MSJC privacy policy. The definition of disclose shall include, but is not limited to; verbal, electronic, and physical sharing of information as well as providing unauthorized access to information.
    2. Use: To view, print, type, obtain, write, speak, and/or transmit.
    3. Information: As defined in Part V (Information Privacy) of the MSJC Privacy Policy
    4. Authorization: Permission provided to use MSJC information in accordance with MSJC's policies and procedures

  6. Expectations of Privacy
  7. MSJC respects and values the privacy of its faculty, students, staff, administrators, and other community members. MSJC will not monitor its community members except as required by law or as permitted by Board of Trustee approved policies, procedures, and agreements.

  8. Information Privacy
    1. General Policy:

    2. MSJC shall limit the collection, use, transmission, disclosure, and storage of Information to that Information that reasonably serves the College's academic, research, or administrative functions, or other legally required purposes. Such collection, use, transmission, disclosure, and storage of Information shall comply with applicable federal and state laws and College policies.

    3. Legal and College Process:

    4. Notwithstanding the General Policy contained in section 5.1, the College may disclose Information in the course of investigations and lawsuits, in response to subpoenas, for the proper functioning of the College, to protect the safety and well-being of individuals or the community, and as permitted by law. Additionally, MSJC complies with the disclosure laws set forth at Education Code sections 76240-76246, and may disclose student records as set forth in those specific situations.

    5. Policies that Apply to Special Categories of Information:

    6. If MSJC adopts policies governing certain categories of Information, these policies shall be listed within this policy document. To the extent that there is a conflict between the Privacy of Electronic Information Policy and the special policy, the special policy will control.

    7. Prohibited Information, including Social Security Number and Driver's License Number:

    8. MSJC shall not use an individual's SSN or DLN as a personal identifier unless required by law or approved by MSJC's President/Superintendent or designee. Prohibited information, including SSNs and DLNs, may be stored electronically only in compliance with Federal and State law. If Prohibited Information must be stored on paper, the files must be stored securely with access provided only to authorized persons.

    9. Student Records:

    10. Students have rights with respect to access to their education records under the Family Educational Rights and Privacy Act of 1974 ("FERPA"). These rights are outlined in the Board Policy 5040 and Administrative Procedure 5040.

    11. Health Information:

    12. Individuals have rights with respect to the privacy and security of their health information under Federal and state laws and regulations, including the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").

    13. Video, Audio, and Photography:

    14. In order to protect the privacy of the MSJC community, photographs, audio, and video recordings and other recordings may be made only in accordance with Administrative Procedure 6521.

    15. Electronic Commerce:

    16. Some areas of the MSJC website operate commercial enterprises online. MSJC also delivers online service through its network. To comply with the California Online Privacy Protection Act of 2003 when MSJC (or any of its partners) collects personally identifiable consumer information on one of the commercial areas of its website or as the operator of an online service, it will conspicuously post either a privacy policy or a link to a privacy policy on the portal page for the commercial activity. This policy will:

      1. Identify the categories of personally identifiable information collected through the commercial portions of its website or through its online service;
      2. Identify the categories of third-parties with whom MSJC may share that personally identifiable information;
      3. Provide a description of how an individual may request changes to their personally identifiable information collected through the Web site or online service and retained by MSJC;
      4. Describe the process by which MSJC will notify users of the commercial portion of MSJC's website or its online service of material changes to the MSJC's privacy policy for that portion of the website or online service (it is sufficient to say that the policy will be updated online); and
      5. Identify the effective date of the privacy policy and all updates.

    17. Mt. San Jacinto College Websites:

      1. Automated Information Collection
      2. MSJC gathers general information about an individual's visit to the on-line services. The gathering of this general information will not include personal information. This information is used to determine the type of visit to the MSJC's web pages in order to refine and improve MSJC's on-line offerings. This information is used in summary reporting that allows MSJC to determine better ways to serve its visitors and to identify and correct performance and/or problem areas.

      3. Links

      4. MSJC's web sites may contain links to other sites. Please be aware that MSJC is not responsible for the privacy practices of other sites. MSJC makes no representations regarding and does not vouch for the privacy policies or protections of third-party websites. Users should us caution when accessing third-party websites. The u​sers of MSJC's websites are encouraged to be aware of when they exit MSJC's site and to become familiar with the privacy policies of each web site that collects personally identifiable information.

      5. Cookies
      6. Cookies are small files that are stored on the user's computer (unless the user blocks them). MSJC uses cookies to understand and save the user's preferences for future visits and compile aggregate data about site traffic and site interaction so that MSJC can offer better site experiences and tools in the future. MSJC may contract with third-party service providers to assist MSJC in better understanding its site visitors. These service providers will not be permitted to use the information collected on MSJC's behalf except to help MSJC conduct and improve its business. The user may disable cookies by using browser options.

    18. Mandated Reporting and Contracted Services:

    19. MSJC may share or distribute information as required by statute, regulation, or other applicable law or with contracted third-party service providers to the extent that information is needed to fulfill the objectives of the contract. MSJC retains ownership of all shared data with contracted third-party service providers. As part of any contractual arrangement, third-party service providers shall be required to provide a documented privacy policy that is in accord with the standards of MSJC's privacy policy.

    20. Selling of Information:

    21. MSJC will not sell personal information to third parties.

    22. Confidentiality Agreement:

    23. Members of the MSJC community are subject to the MSJC Confidentiality Agreement. As a reminder of MSJC's commitment to privacy, students, faculty, staff and other members of the workforce may be asked to sign a confidentiality statement. Failure to sign such a statement in no way diminishes the obligation to uphold MSJC's policies.

  9. Privacy of Electronic Communications and Email
  10. MSJC encourages the use of electronic communications and respects the privacy of authorized users. Nonetheless, users of electronic communications systems should be aware that, in addition to being subject to authorized access as detailed below, electronic mail in its present form cannot be secured completely and is, therefore, vulnerable to unauthorized access and modification by third parties. Receivers of electronic mail documents should check with the purported sender if there is any doubt about the identity of the sender or the authenticity of the contents.

    Users of electronic mail services also should be aware that, even though the sender and recipient have discarded their copies of an electronic mail record, there may be back-up copies of such electronic mail that can be retrieved on MSJC systems or any other electronic systems through which the mail has traveled. Though unauthorized access to such electronic mail would be in violation of MSJC's privacy policy as presented herein, MSJC may not be totally successful in preventing such unauthorized access by third parties.

    MSJC electronic mail services may, subject to the foregoing, be used for incidental personal purposes provided such use does not interfere with MSJC operation of information technologies including electronic mail services, burden the MSJC with incremental costs, or interfere with the user's employment or other obligations of MSJC. Some email usage is explicitly prohibited and these prohibitions are documented in Administrative Procedure 6506.

    Access by authorized MSJC employees to electronic mail stored on the MSJC's network of computers or on contracted resources may be necessary to ensure the orderly administration and functioning of MSJC computing systems. In the course of this work, information technology employees may gain access to electronic communications and data. These employees, who as a function of their jobs routinely have access to electronic mail and other electronically stored data, are required to maintain the confidentiality of such information in accord with this policy.

    Access to electronic mail on the MSJC's network of computers that involves reading electronic mail may occur only when authorized by the Mt. San Jacinto College officials designated below and only for the following purposes:

    1. troubleshooting hardware and software problems, such as rerouting or disposing of undeliverable mail, if deemed necessary by the Dean of Information Technology or authorized designee;
    2. preventing or investigating unauthorized access and system misuse, if deemed necessary by the Dean of Information Technology or authorized designee;
    3. as authorized by the named user of the email account;
    4. retrieving or reviewing for College purposes specifically limited to College-related information;*
    5. investigating reports of employee misconduct;*
    6. investigating reports of student misconduct;*
    7. investigating reports of violation of College policy or local, state, or federal law;*
    8. complying with legal requests for information (such as subpoenas and public records requests);* and
    9. retrieving information in emergency circumstances where there is a threat to health, safety, or College property involved.*

    * The system administrator will need approval from the President or designee(s) approved by the President to access specific mail and data for these purposes. The extent of the access will be limited to what is reasonably necessary to acquire the information for a legitimate purpose.

    In addition to the foregoing, when a MSJC employee leaves employment or when an employee is on leave, a system administrator may, with approval of the unit head (Director, Associate Dean, Dean, Vice President, or President) to which the employee was assigned, remove the departing employee's email files from MSJC systems in order to conserve space or delegate access to the email account to another employee for other business purposes, including business continuity. An employee's email may be retained and accessed by the unit as necessary for use in connection with MSJC business. In all such cases, approval will be limited to what is reasonably necessary to acquire the information for a legitimate purpose. Units and departments are encouraged to make arrangements for disposition of email files with departing employees and students in advance of their departure.

    The information technology staff will inform the account holder, in a timely manner, of the need to monitor or review the contents of the email account and the Information Technology department will provide justification when Information Technology team members have monitored or reviewed the contents of an email account. Under some circumstances including, but not limited to police investigations and potential security breaches, this notice may not be provided.

  11. Privacy of Data, other than Electronic Mail, Stored on College Computers and Networks
  12. As is the case with electronic mail, access by authorized MSJC employees to electronic data stored on the MSJC's network of electronic devices or licensed cloud-based resources may be necessary to ensure the orderly administration and functioning of MSJC computing systems. Such access may require the employee gaining access to the data to read specific files. MSJC requires system administrators and other employees who, as a function of their jobs, routinely have access to electronically stored data, to sign statements agreeing to maintain the confidentiality of such information.

    In order to conduct its business without interruption, MSJC must have access to data stored on MSJC computers and networks. Accordingly, for legitimate business purposes, the head of any MSJC administrative unit or department may in his or her discretion authorize the accessing or retrieval of any files other than electronic mail stored on MSJC's network of electronic devices or licensed cloud-based resources under that unit or department's control. When necessary and appropriate, MSJC technology support personnel may assist with retrieval of such information on behalf of a unit or department.

    Because electronic documents and data are vulnerable to unauthorized access, there is no absolute guarantee of privacy or confidentiality for documents or data stored on MSJC's network of electronic devices or licensed cloud-based resources.

    Access to electronic data on the MSJC's network of electronic devices or licensed cloud-based resources that involves reading data may occur only when authorized by the MSJC officials designated below and only for the following purposes:

    1. troubleshooting hardware and software problems, such as disposing of undeliverable mail, if deemed necessary by the Dean of Information Technology or authorized designee;
    2. preventing or investigating unauthorized access and system misuse, if deemed necessary by the Dean of Information Technology or authorized designee;
    3. as authorized by the named owner of the file system;
    4. retrieving or reviewing, for College purposes, College-related information;*
    5. investigating reports of employee misconduct;*
    6. investigating reports of student misconduct;*
    7. investigating reports of violation of College policy or local, state, or federal law;*
    8. complying with legal requests for information (such as subpoenas and public records requests);* and
    9. retrieving information in emergency circumstances where there is a threat to health, safety, or College property involved.*

    * The system administrator will need approval from the President or designee(s) approved by the President to access specific mail and data for these purposes. The extent of the access will be limited to what is reasonably necessary to acquire the information for a legitimate purpose.

  13. Public Records Considerations
  14. Electronic mail, voicemail, and other data stored on MSJC computers and electronic devices may constitute a public record like other documents subject to disclosure under the California Public Records Act or other laws, or as a result of litigation. However, prior to such disclosure, MSJC evaluates all requests for information submitted by the public for compliance with the provisions of the Act or other applicable law. MSJC complies with the Richard McKee Transparency Act of 2011, codified at Education Code sections 72690-72701, therefore public records or data stored by auxiliary organizations may also be subject to disclosure in certain circumstances.

  15. Release of Student Records
  16. MSJC respects the privacy of students and alumni. The release of student records and maintenance of directory information shall be consistent with Board Policy 5040 and Administrative Procedure 5040.

  17. Responsibilities
    1. Dean of Information Technology
      MSJC shall have a Dean or Associate Dean of Information Technology who is responsible for:
      1. Interpreting this Policy;
      2. Providing advice with a view to encouraging compliance with all privacy laws and regulations, improving privacy practices, and resolving problems;
      3. Establishing privacy policies and procedures in areas not covered by section V.
    2. Establishing Privacy Policies and Procedures
      MSJC has designated certain officials with primary responsibility for establishing policies and procedures governing MSJC compliance with certain specific privacy laws and regulations:
      1. FERPA. MSJC's Dean of Enrollment Services has primary responsibility for establishing policies and procedures related to compliance with the Family Educational Rights and Privacy Act.
      2. HIPAA. MSJC's Vice President of Human Resources has primary responsibility for establishing policies and procedures related to compliance with the Health Insurance Portability and Accountability Act of 1996;
    3. Information Custodians and System Owners
      Each individual who retains custody of Information, and each system owner, is responsible for the application of this policy and all related MSJC policies to the systems and Information under their care or control.

  18. Enforcement
  19. Individuals that believe that a violation of this policy has occurred should contact the following immediately:

  20. Dean of Information Technology

    28237 La Piedra Road

    Menifee, CA 92584

    Office 827


    Investigations related to alleged privacy violations will be conducted in accordance with regulatory statute, MSJC Board Policy, bargaining unit contracts, and the MSJC Acceptable Use Policy.

    ICTC Approved: October 2016

    EC Approved: July 2016


​​​