Kristina - Excellent point. One of my internal "audit tests", as simple as this sounds, was to evaluate the accessibility to shredders at campuses. If the institution used a shredding service, it was necessary to ensure that such information was gathered in a secure bin. In some cases, because the "common bin" was not convenient, employees would tend to either keep a running pile and make only occasional trips to the shredding bin or, fail to use it as indicated. In many schools I reviewed, the simplest solution was individual shredders at each work area which made it convenient for all to destroy documents immediately after use.
Compliance with marketing standards is critical to creating a compliant culture. We have all seen schools use false advertising to attempt to lure prospects into their doors. False promises inevitably get discovered by the student or graduate and only serve to give the whole industry a bad name. Admissions personnel are normally familiar with current advertising and if they see their school using non-compliant advertising they may be more likely to push the limits during their discourse with the prospect. Therefore, it is critical to establish a compliant marketing function.
Jane - as you indicate, marketing must meet with standards as part of a compliance culture. In some instances I have seen, the breach is unintentional as the marketing department is not always trained or aware of the various regulatory restrictions. Marketing needs to be part of the entire team that is involved with efforts that ensure compliance.
All three areas, (marketing, human resources and information security), are equally important; however, depending on the honesty and integrity of the admission department for marketing has been problematic. I have worked for several schools and it seems that many admissions reps. will do and say what ever it takes to get a potential student registered. A system of compliance is definitely needed in this area.
DeMario - I have also heard reps say things that they should not. As painful as it can be to hear it, some form of "mystery shopping" or, using a system that records calls (with the appropriate disclosures) can be beneficial. First, if they know they are being recorded, they may be more "on guard" with what they say. Second, it immediately identifies those that say things they shouldn't. Then you can narrow down what is being said wrong due to lack of training and what requires other means of resolution.
I do not know that I can select just one. All three areas mentioned are critical to creating a compliant culture. The trick though is making all staff understand how important compliance everyday is! Working to have a 100% compliant campus should be the goal - in all departments.
I agree that FERPA is a a topic that is extremely important, while often not recognized as so. When visiting one of our campuses, the campus director told me the students were not allowed to see their files. This caused me to further explore the entire subject of privacy. It's also easy to inadvertently give information to a family member, etc., that a student does not want divulged.
Training staff members on Compliance issues is essential for the success of the institution.
Brandi - I am definitely a big advocate of such training. Can you share what kind of training you provide to employees at your institution with regard to such compliance issues?
Information security is of the utmost importance. Having a system in place to make sure student information, especially credit card numbers are locked away is key.
All three areas are important. Our school has a corporate HR person and a regional HR person, that is helpful to me every day! Marketing and information security are critical also to our daily operations.
Barbara - you are right - it's hard to pick just one area when all are important.
We have found that getting staff from all levels and departments involved in the compliance audit is the most helpful way to get everyone invested in the process.
It is very imporatant that we adhere to the PA State DOE rules and regulations and our accrediting agencies (ACICS)rules and regulations with regard to marketing of our school and its programs. If we are not compliant in this area, it could lead to us receiving citations with fines attached and possibly could even result in the closing our our institution.
Susan - As you noted, there are a lot of rules and regulations to follow. Sometimes the challenge is when the various regulations are not in exact alignment, and staying current on the regulations, which are subject to change. It's also important to remember that the accrediting bodies hold insitutuions accountable for enforcing their stated policy - even if the policy is beyond the scope of their regulations.
I firmly believe in a 'trickle down' effect. If we are maintaining regulatory complaince at the marketing, HR and Information Management level than it becomes evident to all levels of operation that this is important and standard practice. It creates a sense of security and good internal and external customer service.
Madeline - I agree, creating this culture is key and it must start at the top!
I completely agree with you Kathleen, especially in regards what can be discussed about students and releasing of their records.We have very poor knowledge in that area.
I agree that in order to maintain a compliant culture within an organization we must avoid abuses associated with copy right infringement laws as it applies to software and other media. We should also secure all sensitive data i.e. records, files, computer data through implementation of security features in order to avoid breaches in students confidentiality.
Victor - Your comment on "security features" made me think of an area where there is increasing fraud from students: Falsified records. I have been surprised to find schools still using "plain" paper rather than security paper to print student transcripts, awards, and diplomas. I'm curious to see if any participants out there have experienced submission of documents to their institution which were determined to be fraudulent and also, if they are using security paper at their institution. Thoughts/Comments?