Introduction
There have been some questions and concerns raised about the personal
information contained in the Banner system and who has access to it and
how it is intended to be kept confidential. This is the first of
what will probably be a series of bulletins designed to address these issues
and to keep you up to date on how access and security are being handled
as the LEWIS project proceeds.
1. Banner Access and the Web
Access to the Banner system is available to those staff and faculty
who need it in order to carry out their work responsibilities (see #3 below).
In general, Banner access is possible in two ways: 1) using the
Web for… products where Netscape or another browser is the interface, or
2)
logging into a Banner application directly. For casual users of Banner,
those who do not use Banner as a part of their daily work routines, access
will generally be through the Web.
For example, staff and faculty will use the Web for Employees product
which will provide them with access to their own individual personnel records,
but only after they have entered their personal ID and password.
Using Web for Employee, staff will not be able to get to anyone else's
personnel records unless for some reason, another individual has decided
to share his or her ID and password (which is a violation of Lehigh's policy).
Faculty will also generally use the Web for Faculty product in order to
manage their class rosters, view the records of their advisees and students
in their classes, and to maintain electronic grade books. Each faculty
member will be required to enter his or her ID and password in order to
get into the system to see this information. Students will be able
to log into Web for Student with an ID and a password to view only their
own schedules, degree requirements, and the like.
2. Data Records in Banner
After detailed study and much discussion by the data standards team
and the LEWIS Steering Committee, the LEWIS Steering Committee recommended
and the LEWIS Executive Committee adopted the use of the Social Security
Number as the primary identifier for an individual's data record in the
Banner system.
3. Getting a Banner Account
All new Banner users must apply for a Banner account. Each individual's
request must be authorized by his or her supervisor and by the data stewards
for the Banner applications. They will determine which Banner modules
and forms [screens] the individual should be able to access in order to
carry out his or her job duties. All new users must complete Banner
navigation training and then other specialized training in the necessary
modules. All staff and faculty must also complete FERPA (Family Educational
Rights and Privacy Act of 1974) training relating to the legislation governing
the confidentiality of student records.
As a part of the account opening and training process, each http://www.Lehigh.EDU/security/policy/computing.html
staff member is also required to sign a document indicating that he or
she understands the University policy regarding the use of computer systems
and facilities (http://www.Lehigh.EDU/security/policy/computing.html),
the policies pertaining to the confidentiality of records, and the penalties
for violation of these policies.
4. Existing Banner Users
Existing Banner users were required to sign a confidentiality agreement
at the time when they acknowledged receipt of their individual Banner password.
An enhanced confidentiality agreement is currently being developed; all
users will be required to sign the revised document.
5. Necessary Access
There are Lehigh staff working in human resources and payroll who need
to have access to personnel records in order to carry out their responsibilities.
These staff have always had access to this information whether it was in
paper files or online in the old legacy systems. In the Banner system,
information such as a spouse's name and SSN and the names and SSNs of beneficiaries
is only accessible to those staff working in the human resources and payroll
functions.
6. Overall Security
One of the highest priorities for the administrators of the Banner
system is to maintain the integrity and accuracy of the database and to
protect the confidentiality of individual records and the security of all
data systems. This is an ongoing process with appropriate modifications
made over time. Individual users are
likewise bound by the university's policies on appropriate use and
confidentiality and the agreements they signed to that effect.