FERPA Basics
Revised 4-6-16

Important Principles

All Student Data
• Governed by privacy laws and policies
• Personally identifiable
• Treated with confidentiality

Some Student Data
• Public or Directory information
• Considered “sensitive”

Access and Control
• Students can release or restrict, and access
• Others access with or without student consent

The Key Questions
1. What is a student record?
2. What can be disclosed from a student record?
3. What is really confidential at UC San Diego?

First Question
• What is a Student Record?
  o any record that is directly related to a student and maintained by the University
• What is covered by FERPA and UC Policy?
  o Education Record
• What may be covered by other policies/laws?
  o Non Education Record

Education Records

Includes
• Academic Records
• Housing Records
• Disciplinary Records
• Financial Aid Records
• Other records related to a student

In any recorded form – not observations
• Electronic/computer media
• Video file
• Audio file
• Printed document
• Handwriting

Not an Education Record
Records not considered “Education Records” may be protected by other privacy laws/policies.

Includes these:
• Records kept by the creator of the record, usually as a memory aid, and are not accessible or revealed to another individual
• Campus Police records
• Applicant records of individuals that do not enroll or register at the University
• Alumni records created after the individual is no longer a student
• Employment records*
• Treatment or health records**

* not related to their student status
** can only be disclosed for treatment purposes or else pursuant to a FERPA exception

Second Question
• What can be disclosed and to whom?
  o Directory/Public information data
    • Anyone except as restricted
  o Confidential personally identifiable information
    • Anyone with student’s explicit consent
    • Others as permitted by exceptions
  o Sensitive personally identifiable information
    • Should not be shared, except as permitted!
    • Sensitive data is highly restricted

Disclosure of Records without Consent
Disclosure of information from education records is generally permitted when:
• The information is directory information and has not been restricted by the student
• The disclosure is directly to the student
• The disclosure is to school officials with legitimate educational interest
Other exceptions for disclosure apply (more to come…)

Directory/Public Information Data
Unless specifically restricted by the student, UCSD considers the following to be public information, which can be released without student permission:
• Student name
• Campus/local address
• Campus/local telephone number
• Permanent home address
• Permanent home telephone number
• Date of birth
• College and major
• Dates of attendance
• Degrees and honors received
• Officially recognized activities (not currently maintained on ISIS)
• E-mail addresses

How can information be disclosed?
• Student consent to Disclosure
  o Student Consent to Disclose form
• Disclosure of records without consent
  o Exceptions that allow Disclosure
  o Re-Disclosure of Information
• Legitimate educational interest
• Regulatory exceptions

Student Consent to Disclosure
The student may provide consent for disclosure to any third party.
• For the consent to be valid, the student must sign and date a written consent that identifies:
  o to whom the disclosures are to be made,
  o records to be disclosed,
  o purpose of disclosure, and
  o term of consent
• Consents do not need to be originals, i.e. they may be faxed
• Electronic consent is permitted as long as the institution can authenticate the requestor. In TritonLink, the student user ID and password are adequate authentication.

Student Consent to Disclosure Form
https://students.ucsd.edu/_files/registrar/FERPA_WrittenConsentForm.pdf

Legitimate Educational Interest
An employee or agent of the institution has a “legitimate educational interest” if the record is necessary and relevant to the accomplishment of official University responsibilities and duties.
A “legitimate educational interest” does not have to be educational or academic. It can be related to any appropriate University function, and can include disclosure to campus police (in role as safety officers) or judicial affairs.

Exceptions that Allow Disclosure
Disclosure to third parties, without student consent, is permitted under the following circumstances:
• A school official has a legitimate educational interest in the record; if the record is necessary and relevant to accomplish an official University responsibility
• To determine financial aid eligibility, amount, and/or conditions of the aid
• To comply with a judicial order or subpoena; the University must generally make a reasonable effort to notify the student in advance of disclosure
• If it is a health or safety emergency, the University can release information to any person whose knowledge of the information is necessary to protect the health or safety of the student or other individuals

Re-Disclosure of Information
When information has been disclosed to a third party, the recipient of the information must be informed that the information they receive cannot be further disclosed, unless there is written consent from the student whom the record concerns.

Re-disclosure Notice Language
“The enclosed information is being released to you in accordance with the provisions of the Federal Family Educational Rights and Privacy Act of 1974 (FERPA). In providing this information, it is the responsibility of the University of California, San Diego to inform you that such information is being transferred on the condition that you will not permit any other party to have access to such information without the consent of the Student, except that the information may be used by your organization’s officers, employees and agents, but only for the purposes for which the Disclosure was made to you.”

Third Question
• What is really confidential at UC San Diego?
  o Everything that’s not public/directory. Everything!
  o Some data are MORE confidential than others;
    • Sensitive Personally Identifiable data…

Sensitive Personally Identifiable Data
UCSD considers some personally identifiable data as sensitive. Sensitive personally identifiable information includes:
• Ethnicity
• Social Security Number
• Taxpayer Identification Number
• Most financial information, tax returns, and other information such as Credit Card numbers
• Citizenship status*
• Gender identity*
* Under consideration
Sensitive data is more highly restricted due to its revealing nature and our obligation to protect individual identity. Traditionally, sensitive data is not made available in general access to data.

Steps for Accessing Personally Identifiable Sensitive Data
• All requests for data, including sensitive data, are to be vetted through normal channels of DSA (Departmental Security Administrator) and Data Steward.
• Requests for sensitive data must be justified as required for federal, state, or university reporting requirements, or for research and study of group trends. No requests for access for the purpose of identifying individuals will be granted.*
• Data reporting units may produce reports for requestors after it is determined that:
  o they are eligible to have access to the data
  o they are unable to obtain it within their own resources
  o if executive expediency is indicated
* under review

Data Policies
• FERPA
• PPM 160-2
Here are some campus and university resource links:
• http://blink.ucsd.edu/technology/security/personal/
• http://adminrecords.ucsd.edu/PPM/docs/160-2.pdf (Ref: III.J, and IX)
• http://policy.ucop.edu/doc/2710533/PACAOS-130 (Ref: 130.241)

Takeaways
All Student Data is personally identifiable
All access to student data is controlled
Sensitive data is highly restricted