Confidentiality Workshop Barbara Erickson – Registrar Jim Rink – IT End User Support.
Download ReportTranscript Confidentiality Workshop Barbara Erickson – Registrar Jim Rink – IT End User Support.
Confidentiality Workshop Barbara Erickson – Registrar Jim Rink – IT End User Support The End Take this with you today! Faculty, staff, and student workers have access to education records for the sole purpose of performing their jobs professionally, ethically, and responsibly. They have a responsibility to protect the confidentiality of education records in their possession, regardless of the medium in which the records are presented. Agenda – – – – – – – What are FERPA and GLB? FERPA Basics Confidentiality Data Safeguarding Technology Policies Case Studies Questions What are FERPA and GLB? • FERPA is the Family Educational Rights and Privacy Act – Defines a students right to access their educational records and requires the institution to keep a students record confidential • GLB is the Gramm-Leach-Bliley Act – Defines Colleges and Universities as financial institutions and requires that they implement Data Safeguard rules FERPA Basics The Essence of FERPA: • Access - A student must be permitted to inspect his/her own education records. • Confidentiality - Education records are confidential and may not be released without the written consent of the student FERPA Basics What are educational records? Records can be in any medium, including handwritten notes, paper files, e-mail, electronic files, video or audio tapes, microfilm or microfiche. The records are not limited to those in “official” files and include records maintained in any UW-S office or file. With limited exceptions, a student can see every educational record UW-S has that is directly related to that student. FERPA Basics Regarding Confidentiality: School officials shall not disclose personally identifiable information about a student or permit inspection of the students records without the students written consent unless such action is covered by certain exceptions permitted by the act. Education records are confidential and may not be released without the written consent of the student. Exception: Unrestricted “Directory Information” FERPA Basics Directory Information includes: • • • • • • • Name Address Telephone Number E-Mail Address Date of Birth Major field of Study Participation in officially recognized activities and sports • Weight and height of members of athletic teams • Dates of attendance • Degrees and awards received • The most recent previous educational agency or institution attended FERPA Basics When can academic records be shared? • • • • • • To the student When the student provides written consent that identifies the record(s) to be released, the person to whom they are to be released, and the reason for the release Unrestricted Directory Information To school officials with a legitimate educational interest To schools in which a student seeks or intends to enroll To authorized representatives of the Comptroller General of the United States, the Secretary of the Department of Education, or state and local educational authorities.. • • • • • • To accrediting organizations. To comply with a lawfully issued judicial order or subpoena. Health or safety emergency. Results of a disciplinary hearing of a student accused of a crime of violence or non-forcible sex offense. To parents or guardians of students under the age of 21 who have violated an alcohol or drug policy. In connection with financial aid FERPA Basics • FERPA recognizes a person enrolled in post-secondary education as a “student” and provides that individual certain rights, regardless of age. Therefore, a parent does not have an inherent right to access his/her child’s education records. • Posting education records (e.g., grades) using the student's name, student ID# or any portion of the social security number is a violation of FERPA. FERPA Basics Any questions regarding FERPA guidelines should be directed to the Registrar in Old Main, room 139, (715) 394-8228. Student Confidentiality Agreement • Students with access to confidential student records must sign a confidentiality form a copy. The form is filed either with the financial aid department or with the department where the student is employed • Departments that use student help are responsible for training any student on appropriate use, confidentiality, GLB, and FERPA • The Confidentiality form can be downloaded from the Financial Aid web site Safeguarding Data Safeguarding data: • Password protect • Locking files and offices documents • Monitor Privacy devices • Save files on your G:Drive • Proper hard copy • Empty the Recycle Bin disposal • Delete/Dispose of files on • Use strong passwords storage devices • Change passwords • Avoid sending confidential periodically data via E-Mail • Don’t post your • Secure your mobile password computing devices when • Use password activated you travel screen saver Safeguarding Data Password selection: • Avoid common passwords like "password”, your name, telephone number, repetitive or sequential strings. • Intersperse punctuation marks or symbols such as #, $, %, etc. Do not use a blank space. • Never write down your password and post it where easily accessible to others Safeguarding Data Password selection: • Use at least seven characters; the more characters, the better (as long as you can remember them). • Use special characters and numbers and a mix of CaSe • Make your password easy for you to remember but hard for someone else to guess. Example: Pick letters from a phrase that's meaningful to you may be the source for a good password. In this way, your password is really a "pass phrase” "Do you know the way to San Jose?" could be D!Y!KtwTSJ?) Technology policies overview • Guidelines for Appropriate Use- This policy document describes at a summary level the basic guidelines for appropriate use of technology and covers a broad set of technology topics. • Disconnecting from the network- Defines rules for connecting devices to the University Network and procedure that will be followed to disconnect a device from the network • Policy on Passwords- Defines specific policy on the creation and standards for passwords that give access to university data and the defines the authority given to the networking staff to ensure secure passwords Technology policies overview • Email- Describes the appropriate use of _everyone email distribution list • Response to Subpoenas- Document defines how requests for access to confidential data by legal means such as subpoenas, search warrants and other official requests will be handled. • Information Assurance- This policy defines the procedures used to ensure that the University's Information assets, including Information Technology (IT) resources such as equipment and processes, are reliable, secure, and used in ways consistent with the campus mission. Technology policies overview • Web Policy- This policy is designed to set a uniform standard for appearance and quality for World Wide Web pages created and maintained by administrative offices at UW-Superior. • Web Guidelines Policy - A guide for designing and publishing web pages that are uniform, functional and accessible yet reasonably easy to create and maintain. • Technology Accessibility- This policy is designed to guide compliance with the Americans with Disabilities Act and Section 504 of the Rehabilitation Act with respect to the implementation of information and instructional technology at UW-Superior. Case Studies An attorney calls the chair of the History Department about student Reed A. Book. The attorney explains that they represent Mr. Book in a personal injury action that does not involve the university and states that Mr. Book does not object to the department chair discussing his student records, including his grades, with the attorney. Should the chair provide information about Mr. Book to the attorney? Case Studies Answer: No. Attorneys and other third-parties generally cannot access student education records unless the student consents to that access. Case Studies But what if: Mr. Book calls the department chair and tells her that he does not object to her talking to the attorney. Should she talk to the attorney? Case Studies Answer: No. FERPA requires the student to provide written consent. Case Studies Ok, but: What if the attorney provides the department chair with a piece of paper that states: "Please release my education records to my attorney J.A. Smith for use in my personal injury case. Signed, Reed A. Book"? Case Studies Answer: Yes the records may be released. The student has provided consent in writing that identifies the record(s) to be released, the person to whom they are to be released, and the reason for the release. These three elements are needed in a written consent to satisfy FERPA. Case Studies Professor Olson is concerned about a student she has recently been assigned to advise. The student is struggling and is earning a very low grade in a course he is taking from Professor Olson. Professor Olson wonders if the student had similar difficulties in past semesters. She decides to review the student's transcript via E-Hive. Does FERPA provide for Professor Olson’s review of the student’s transcript for this purpose? Case Studies Answer: Yes. Professor Olson advises this student. She has a legitimate educational interest in obtaining the student's transcript in order to properly assist and advise this student? Case Studies The Provost stops by the Art Department office and tells the department chair that a former student has filed a complaint against the university alleging discrimination. The Provost wants the chair to turn over the department's file on the student to the Provost for review by the university's attorney. Should the chair turn over the file? Case Studies Answer: Yes. FERPA permits University legal counsel to access information when a student sues the university. Legal counsel also may access information where litigation has not ensued. Case Studies The CJUS Department work-study student's job duties require them to access student records. Has the department violated FERPA by allowing the student this access? Case Studies Answer: No. The student's job duties require them to access education records. They therefore have a legitimate need to see the records to fulfill the job responsibilities and it is not a FERPA violation for them to access the records. The department should properly train the student on FERPA privacy rights to ensure the student maintains the confidentiality of the student records he accesses. Case Studies A Husband of a student approaches you frantically asking to find his wife husband because their son is in the hospital. You have access to the wife’s class schedule… Do you tell him where to find her? Case Studies Answer: No. You should tell the husband that you will immediately contact the campus safety office. They will locate the wife and bring them to the husband. Case Studies One of your advisee’s requests access to the notes you keep on the advisee in your file. Do you have to provide that student access to those notes? Case Studies Answer: Yes. Under FERPA a student may inspect and review their educational records Case Studies Bottom line: Scrutinize any and all requests for student information and if you have any questions, contact or refer the request to the Registrar. Resources • Find more information on FERPA at : www.ed.gov/offices/OM/fpco/ferpa/ • Find more information on GLB at: www.ftc.gov/privacy/glbact/ • Password Security: There are numerous web sites that provide tips and suggestions for picking a good passwords. Use a search engine and search for “Selecting a secure password”