Privacy Policy

Texto en español.

Elgin Community College regularly collects and uses data from students and employees. Data informs the programs and services we offer, the partnerships we participate in, and the initiatives we undertake. In general, three (3) general types of data are collected by the college:

Public data and internal administrative data are the most widely available forms and are easily accessible. Examples of public data include press releases and reports. Examples of internal administrative data include memos, emails, and internal newsletters. Public and internal administrative data are principally operationally used to conduct everyday business. For this reason, they are not considered private, sensitive, or confidential and, as such, not covered in this procedure.

Personal identifiable data is the last category of data and the focus of this procedure. Personal identifiable data1 contains information related to an individual person's identity, location, or behaviors, and as such, is sensitive and restricted. If compromised, identifiable data can violate personal privacy, create risk, or impose legal action. The practices outlined in this document help to maintain the confidentiality, use, and limitations regarding the distribution of personal data.

Personal Data We Collect

Types and examples of personal data we collect include:

Individual identifying and demographic data. Individual demographic data includes, but is not limited to, a person's name (first and last); phone numbers; addresses (street name, street number, city, state/province, zip/postal code); email address; date of birth; and social security number or tax identification number (TIN). Demographic data also includes information about an individual's race, ethnicity, and gender.

Enrollment and participation data. Enrollment data includes an individual's attendance in courses or involvement in events. For students, this can include course enrollment data (course prefix, number, and course title), course location (buildings and rooms), instructors, days and times of classes, and formats of classes (face-to-face or online). For employees, data can include involvement in committees, meetings, and professional courses or workshops. Information we collect includes names of committees or workshops, meeting locations or modalities, leaders or instructors, days and times of workshops or meetings, and other related information.

Official records. Performance data includes judgments about an individual's aptitude or skills. For students, examples of performance data include course grades, and grades or evaluations made by instructors or evaluators on measures of learning, such as tests and quizzes, writing assignments, portfolios, or presentations. For employees, performance data includes job performance evaluations and actions taken because of decisions made from evaluations or approved meeting notes.

Use of educational services. Usage data includes information about an individual's use of services provided by the college. For students, usage data includes library circulation data (books or resources signed out and dates), use of certain labs, tutoring services, testing services, or participation in events, such as guest lectures. For employees, usage data includes use of services such as the library or the fitness center. Different campus services track usage to different degrees. Some routinely log every visitor who uses a service, whereas others track usage sporadically.

Use of technology services. Technology use a special class of usage data in that it is less tangible and can occur without an individual's overt knowledge of it. Data includes information entered into web browsers and any information sent to us from browsers. Such information can include a computer's internet protocol address (e.g., IP address), browser type, browser version, web pages that are visited, the time and date of each visit, the time spent on those pages, unique device identifiers, and other diagnostic data. On a mobile device, this information includes usage data, such as the type of device being used, the device unique identifier (ID), the IP address of the device, the mobile operating systems used, and the type of mobile internet browser used, unique device identifiers, and other diagnostic data. We use cookies, beacons, tags and similar tracking technologies to track the activity on our systems, and we hold certain information. Cookies are small files stored on devices (computers or mobile devices) to remember an individual's preferences, session settings, and security information.

Financial data. Financial data we collect from students includes payment history, payment status, and banking information, including credit cards. We use third-party billing companies for collecting tuition payments, and those companies may request credit card or bank account information. For students on financial aid, we collect all data supplied on the FAFSA, which includes income, public assistance, loan information and history, and credit information, such as bankruptcies. Some student scholarships also require financial information such as income. Certain employee positions that handle money also require credit checks and scores from credit bureaus.

Health data. The college collects certain health records from employees and students who participate in the health insurance program, clinics offered by the Health Professions Division, or who request accommodations through the Americans with Disabilities Act (ADA) Compliance Officer. Health Insurance Portability and Accountability Act (HIPPA) and ADA rules are followed regarding the collection and use of this data. Employee and student health information is also used in certain programs. For example, truck driving and Health Professions programs require drug and alcohol use information. For further information, please see Administrative Procedures 3.405 and 3.406 . For students or employees who request tuition assistance through the Tuition Adjustment Advisory Council, we collect information medical status, including data on the nature of an individual’s disability.

Criminal background data. Certain programs and positions in the college require crime information from students and employees. Criminal background checks are conducted for new employees as part of the hiring process and at regular intervals for positions in campus safety and in certain programs, such as criminal justice.

Audiovisual data. From time to time, the college or the ECC Foundation, a related not-for-profit organization, may record audio or use photographs or video of an individual's participation in events and may publish and use recordings or representations of individuals for promotion and educational purposes.

Perceptual and attitudinal data. From time to time, the college or external partners may request perceptual or attitudinal information related to an individual's use or satisfaction with services. This type of data is commonly collected through web surveys, interviews, or focus groups. Specific practices for the collection of this type of data are contained in Administrative Procedure 3.906 . While reports of perceptual data are summarized in aggregate and identifying information is redacted in shared reports, identifying information can at times be contained in open-ended questions, and for this reason, this type of data represents another form the college collects.

Other behavioral data. At times college employees and students are invited to participate voluntarily in research internal or external to the college that involves data collection. Types of data collected are specific to each research project, and researchers are required by the Elgin Community College Internal Review Board to gather informed consent from participants. Specific practices related to the collection of this type of data are contained in the Administrative Procedure 3.103 Data Collection Involving People at Elgin Community College and follow accepted practices of the U.S. Department of Health and Human Services.

Use and Retention of Personal Data

We use the above forms of collected data for the following purposes:

To carry out the above uses, we retain records in the form of both paper files and digital data linked to an individual's name. Administrative Procedure 3.102 , details the length of time that certain hard copies of records are kept, but because paper files are typically converted into digital files for recordkeeping and analysis, individuals should assume that data is stored in perpetuity to be retrieved as needed for any of the above uses.

Validity of Data

Data should be collected and maintained with assurance of its validity. Everyone who supplies or works with data has a responsibility to ensure its accuracy, timeliness, and consistency. Students and employees who provide information should ensure that it is up-to-date. Employees tasked with entering, coding, or reporting data should take steps to ensure its accuracy.

The college employs quality standards in regards to data validity. First, we staff data analysts in key functional areas – technology, research, academic affairs, finance, and human resources – who conduct soundness checks as part of their assigned responsibilities. Second, we maintain standing bodies (offices or committees) to act as “stewards” of the data within their charge. For example, student success and learning outcomes data are overseen by councils who assume responsibility for the validity of the data they oversee. Third, we rely on external bodies (e.g., Illinois Community College Board, National Community College Benchmarking Project, etc.) to ensure that data is cross-checked, benchmarked, and reflects the college accurately and completely. Fourth, we use best practices in data sharing and communicating to ensure that data are regularly discussed and understood.

Access, Security, and Use of Third Parties

Information regarding access to and security of data is contained in Administrative Procedures 3.407  and . In general, oversight for data access and security is distributed throughout the college. Every department has some degree of access to personally identifiable data during the normal course of work, and each person who uses data is expected to:

These administrative procedures also describe the college's processes for providing regular training to employees and tracking participation in training to ensure that data remains valid and secure.

In addition to our own employees, the college also provides access to data to third-party service providers, contractors, and organizations with whom we do business. These organizations help us perform a variety of functions: connect us to employees, students, or community members; gather and process data; and conduct business transactions. We also use providers to inform and optimize web visits using information gathered from cookies, beacons, and log files. While the list of service providers is ever-changing, it generally includes the following types of organizations:

In providing access to third parties, we take all necessary steps to ensure data is handled securely, and no transfer of personal data takes place until adequate controls are in place. We use commercially acceptable means to protect data, such as data encryption and uploading/downloading data to/from secure sites. We require that access to digital information is protected by strong passwords, which are periodically updated and never shared.

Third-party data-sharing parameters are spelled out in written contracts that define the contexts in which data are used or shared, stored, and deleted. Contracts are kept on file in the college's Business and Finance and/or Legal Affairs Offices. With regard to student educational records, we comply with the Family Educational Rights and Privacy Act and do not share information without students' written consent. For further information about students records, use and privacy, see Administrative .

Because third parties have their own affiliates and systems, it is possible for personal data to be transferred outside of the state, province, or country from which it originated and sent to locations where data security protocols may differ from those where the data originated. For students located outside of the United States, we transfer data, including personal data, to the United States for processing. Our systems may contain links to other sites that are not operated by us. If users click a third-party link, they will be directed to that third party's site. Users are strongly advised to review the privacy policy of every site they visit, as the college has no control over and assumes no responsibility for the content, privacy policies, or practices of any third-party sites or systems.

Limitations to the College's Use of Data

While the college relies on complete data, individuals can limit how their data is collected or used:

Communication of Changes to this Document

Any changes made to this administrative procedure will be updated promptly on the college's employee and student portals and on the public website at Additionally, any documents that reference this procedure, such as Student Terms and Conditions, are also updated whenever updates to this procedure are made.

Students and employees are advised to review this procedure periodically for changes. Changes are effective when they are posted at . Any questions about this administrative procedure should be sent via email to

We gather personal data only from individuals who are over the age of 13. Individuals who are 13 years old and younger must get parental consent to send personal information through the ECC website or via email. For more information on the Children's Online Privacy Protection Act of 1998 please visit the Federal Trade Commission's website.