GLBA Compliance Statement

Jacksonville College Registration Tracker — Privacy, Security, and Audit Practices

1. Data Security Safeguards

  • All student financial and personal data is accessed via read-only ODBC connections to the Empower SIS.
  • No student data is stored in the application database (MySQL) except anonymized statistics snapshots and user preferences.
  • Direct database write operations are prohibited from this application.
  • All database queries use parameterized statements to prevent SQL injection.
  • HTTPS is enforced for all pages and API endpoints.

2. Access Controls & Role-Based Permissions

  • Users are authenticated against the college LDAP/Active Directory and Empower SIS.
  • Role resolution uses Empower group (UGRP_ID) and LDAP group memberships.
  • Permission checks occur on every page load using resolveUserPermissions().
  • Each dashboard view and widget is gated by application-specific permissions.
  • Student Workers receive the student_worker role with intentionally limited permissions (dashboard view and check-in only).
  • Direct access to view files is blocked; all requests route through dashboard.php with permission verification.

3. Audit Logging (Who, What, Where, When, Why, How)

  • Every auditable action is recorded in the MySQL audit_log table.
  • Log fields capture: username, display name, role, action type, target, page, IP address, device info, timestamp, context, HTTP method, and result.
  • Logged actions include: login, logout, dashboard views, student record lookups, exports, and permission denials.
  • Audit logs are retained and indexed for reporting.

4. Student Data Minimization

  • SSNs are masked (***-**-XXXX) before display.
  • Only data necessary for registration tracking is queried and displayed.
  • Student Workers cannot access detailed student records, financial data, or SSNs.
  • Each staff view of a student record via the dashboard is logged for audit.

5. Cookie & Consent Practices

  • The application uses session cookies for authentication and user preferences.
  • No third-party tracking cookies are used.
  • A cookie consent banner is displayed for all users, especially international students, to comply with privacy expectations.
  • Consent is recorded server-side with a timestamp, IP address, and the categories chosen (Essential, Preferences).
  • Users may manage or withdraw preferences at any time via the "Manage Cookies" link in the footer.
  • Withdrawing preference consent stops non-essential storage but does not affect required session cookies.

6. Incident Response & Reporting

  • Unauthorized access attempts are logged and flagged.
  • Permission denials are recorded with full context for review.
  • Report concerns to the IT Help Desk at help@jacksonville-college.edu.

7. Policy Review

This compliance statement is reviewed annually or whenever significant application changes are made. Last updated: June 27, 2026.