FTC Standards for Safeguarding Customer Information 07.01.2023
Capri Beauty College is committed to implementing a comprehensive information security program, consistent with the size and complexity of this institution and the nature of its educational activities, to maintain and safeguard personally identifiable information against damage or loss. All employees are required to sign an Information Security Policy and adhere to its principles. Capri Beauty College encourages the use of information systems for business purposes. Such systems include: electronic mail (E-mail), computers (including laptops), Instant Messaging, Internet access, voicemail, fax machines, telephones, two-way radios, pagers, Personal Digital Assistants and any other device used for information processing, communication, and storage (collectively referred to as “Information Systems”). All Information Systems provided by Capri Beauty College remain the sole property of Capri Beauty College and, consequently, employees shall have no reasonable expectation of privacy in using them.
These requirements apply to all customer information the college has, regardless of whether it pertains to students, parents or others with whom the college has a customer relationship, or pertains to the customers of other financial institutions that have given such information to the college. Customer information is any record containing nonpublic personal information, such as:
- Your name, address, and social security number
- Name of your financial institution, account number
- Information provided on your enrollment application
- Information provided on your application for a grant or loan
- Information provided on a consumer report
- Information obtained from a website
- Personally identifiable financial information; and any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any personally identifiable financial information that is not publicly available.
- Insure the security and confidentiality of customer information,
- Protect against any anticipated threats or hazards to the security or integrity of such information, and
- Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.
The policy covers all records in whatever format (hard copy, electronic). The Office of the Vice-President shall be responsible for coordinating the school's information security program based on the recommendations of the Information Security Administrator. At least once every three years, the office will assess foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of the information.
- David Ruff (who possesses 38 years of Information Security, Governance, Risk and Compliance experience) is the Information Security Administrator and the individual primarily responsible for overseeing, implementing and enforcing the College’s Information Security Program.
- Tom Seil – Vice President – On-campus Coordinator.
- IT Lighthouse in Naperville, IL provides advanced network design, installation, and security.
Covers every relevant area of school operation, including but not limited to: employee training and management; network and software design; processing, storage, transmission and disposal of information; and ways to detect, prevent, and respond to attacks, intrusions or other systems failures.
Safeguards and Testing/Monitoring:
The Admission Office shall design and implement safeguards to control identified risks and shall monitor their effectiveness, recommending changes when warranted. Records for prospective students (Enrollment Agreement, State ID, Official Transcripts & Admission Application) who are not accepted or who do not enroll or start in their requested courses may be held for 6 months. After six months, the records will be destroyed in a secure manner. All other records, including but not limited to Student Aid Reports, Verification Documents, Tax Records, NSLDS records, Promissory Notes, etc., shall be destroyed within one week of official cancellation. Records of enrolled students shall be maintained in accordance with federal and state law and accreditation requirements.
Evaluations and Adjustment
The college will periodically evaluate and adjust its information security program in light of the results of the required testing and monitoring as well as for any material changes to the operations or business arrangements or any other circumstances that it has reason to know may have a material impact on the college’s information security program.
Overseeing Service Providers
Capri Beauty College shall only enter into servicing agreements with service providers who also maintain appropriate safeguards for customers' personally identifiable information.