State Board | Policies and Procedures
BP 6-20 – Personally Identifiable Information Security Program
STATE BOARD FOR COMMUNITY COLLEGES AND OCCUPATIONAL EDUCATION
Personally Identifiable Information Security Program
BP 6-20
APPROVED: May 9, 2018
EFFECTIVE: May 9, 2018
REVISED: February 8, 2023
RETITLED: February 8, 2023
RENUMBERED: February 8, 2023
REFERENCE(S): The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 C.F.R. Part 99); The Gramm-Leach-Bliley Act (GLB) (15 U.S.C. §§ 6801–6809,16 C.F.R. Part 314); The Health Insurance Portability and Accountability Act (HIPAA) (42 U.S.C. § 1320d-1320d-8; 45 C.F.R. Parts 160,162 and 164); Protection of Personal Identifying Information Act (C.R.S. § 24-73-101-103); Fair and Accurate Credit Transaction Act of 2003 (FACTA) Red Flags Rule (15 U.S.C. § 1681m(e))
APPROVED:
/ S.R. Heath, Jr. /
The Honorable S.R. Heath, Jr., Chair
Policy Statement
The State Board for Community Colleges and Occupational Education (SBCCOE or Board) is committed to complying with federal and state laws regarding security of personally identifying information maintained by the Colorado Community College System (CCCS or System).
Scope
This policy applies to the Colorado Community College System, including its Colleges (CCCS or System).
Procedure
The Chancellor shall promulgate such procedures as may be needed to implement this policy.