Student Worker Policy

Well I, for one, would disagree with your perceived common points of agreement. 

We subscribe to the “one NetID per person” Identity Management model, regardless of affiliation (e.g., student, faculty, staff, etc.).  We assign permissions to roles, and roles to NetID’s.   An individual can have more than one concurrent affiliation (e.g., both a student and a staff member).  It isn’t always clear which affiliation should be considered “primary” and with our model, we don’t care.

We also have students in positions of trust with authorized access to confidential information  (e.g., teaching assistants with access to other students’ grades, research assistants with access to confidential research data, student tech support staff, etc.).   We strongly encourage the use of confidentiality agreements with all employees, students and  otherwise. 

Bottom line – we don’t restrict access solely on the basis of one’s status as a student, a staff employee, a faculty member, at least not at the institutional level.  Individual departments are free to do so if in their best interest.  At the institutional level, the same access policies and restrictions apply to each and every NetID owner, regardless of affiliation. 

FWIW,

Don

______________________________________________

Don Volz

Special Asst to the VPIT

Texas State University

Email: don.volz@txstate.edu

Voice: 512-245-9650

FAX: 512-245-1226

We take a different approach.  A student worker is an employee, and is treated as any other employee.  If a background check/NDA is required due to the nature of the position, it is done.  The network ID is the same, but access provided to systems/resources is granted based on the requirements to do the job.  If access to sensitive data is required, they follow the same procedures and agree to any applicable policies as any other employee to gain access.  When they leave the position, access is removed.

___________________________________

Daniel V. O'Callaghan, Jr., MBA, CISSP, GCFA

Chief Information Security Officer

Sinclair Community College

444 W Third St, 13-000F

Dayton, OH 45402

937.512.2452

The violations are spelled out in high-level terms in our acceptable use policy (http://www.txstate.edu/effective/upps/upps-04-01-07.html ) which is referenced by many other resources (e.g., the student handbook http://www.dos.txstate.edu/handbook.html ).

We also provide a template Student Employee Confidentiality Agreement at http://security.vpit.txstate.edu/policies/template_non-disclosure_confidentiality.html  and we work with departments to customize it for their specific situations and environments.

Best,

Don

______________________________________________

Don Volz

Special Asst to the VPIT

Texas State University

Email: don.volz@txstate.edu

Voice: 512-245-9650

FAX: 512-245-1226

From: EDUCAUSE Policy Discussion Listserv [mailto:POLICY-DISCUSSION@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kent King
Sent: Friday, January 20, 2012 10:41 AM
To: POLICY-DISCUSSION@LISTSERV.EDUCAUSE.EDU
Subject: Re: [POLICY-DISCUSSION] Student Worker Policy

Bob -

I definitely agree that learning to properly handle sensitive information is an important part of the educational process. There are some differences in the doctor's office comparison however....In the business world, there is a direct and painful recourse: you will be terminated. We certainly have some "hold" over the student workers, up to and including expulsion if necessary.

That is where I was going with this discussion....does anyone have policies that define this process; the definition of violations of trust and how they are handled?

Kent