University Policies > A-Z Index > Student Records Privacy and Access Policy

Student Records Privacy and Access Policy

Authority: President
Date Enacted or Revised: Enacted August 2016; Revised March 20, 2022; July 28, 2025

Purpose

In accordance with 20 U.S.C. § 1232g and 34 CFR Part 99, McNeese State University complies with the Family Educational Rights and Privacy Act (FERPA). This policy outlines McNeese State University’s responsibilities and procedures related to the privacy, confidentiality, security, and access of student education records and establishes internal standards for ethical and authorized handling of student information.

Questions regarding FERPA may be directed to the Office of the Registrar at registrar@mcneese.edu.

Definitions

  • Student Records (Education Records): Records that contain information directly related to a student and are maintained by the University or its agents. Excluded are:
    • Sole possession notes not shared with others
    • Employment records unrelated to student status
    • Campus police records
    • Medical treatment records
    • Alumni records
  • Directory Information: Publicly releasable data including name, address, phone number, email, date and place of birth, major, classification, enrollment status, photograph, activities and sports participation, athletic height/weight, dates of attendance, degrees/awards, and most recently attended institution.
  • Personally Identifiable Information (PII): Any information contained in a student’s education record that can be used to identify the student, either directly or indirectly. This includes, but is not limited to, the student’s name, names of family members, Social Security Number, student ID number, date and place of birth, mother’s maiden name, or any combination of data that would allow a reasonable person in the University community to identify the student with reasonable certainty. PII encompasses both directory and non-directory information, though non-directory information may not be disclosed without the student’s written consent except as permitted by law.
  • University Official: Any employee, contractor, board member, student worker, or volunteer acting on behalf of the University.
  • Legitimate Educational Interest: The need to access student records to fulfill a job responsibility or institutional function, such as instruction, advising, financial aid, or disciplinary processes.

Student Rights under FERPA

Students have the right to:

  1. Inspect and Review Records: Students may request access to their records by submitting a written request to the University official responsible for the record. Access will be provided within 45 days.
  2. Request Amendment of Records: If students believe their records are inaccurate, misleading, or violate their privacy rights, they may request an amendment. If denied, they have the right to a hearing. Additional information regarding the hearing procedures will be provided to the student when notified of the denial.
  3. Consent to Disclosures: Personally identifiable information (PII) may not be disclosed without student consent except as permitted by law.
  4. File Complaints: Students may file written complaints concerning alleged failures by the University to comply with the requirements of FERPA with the U.S. Department of Education at:
    Family Policy Compliance Office
    400 Maryland Avenue SW
    Washington, DC 20202
  5. Restrict Directory Information: Students may opt out of directory information disclosure by submitting a Request to Prevent Disclosure of Directory Information form to the Office of the Registrar.

Disclosure of Student Information Without Consent

The University may release student information without consent under specific circumstances, including:

  • To school officials with legitimate educational interests
  • To officials at other institutions where the student seeks or intends to enroll
  • In connection with financial aid
  • To accrediting agencies and education authorities
  • To comply with a judicial order or subpoena
  • In health or safety emergencies
  • To parents of dependent students (as defined by the Internal Revenue Service)
  • For directory information (unless restricted)
  • For certain disciplinary or legal proceedings
  • To appropriate parties in connection with alcohol/drug violations (if under 21 years of age)

Records of such disclosures are maintained and made available to the student upon request.

Responsibilities of University Officials

University employees must treat student records as confidential and access them only when a legitimate educational interest exists. The following actions are considered violations of University policy and may result in disciplinary action, legal liability, or revocation of access:

  • Accessing student records without legitimate educational interest
  • Disclosing non-directory information without student consent or legal authorization
  • Leaving confidential information in unsecured locations
  • Discussing student information in public or inappropriate settings
  • Sharing login credentials or leaving systems unlocked
  • Using student-related information for personal gain
  • Removing student records without authorization
  • Uploading student records containing personally identifiable information (PII) to any artificial intelligence (AI) tool

Access to Electronic Student Records

Electronic student records are housed in systems such as Banner, Degree Works, Workflow, BDM, Argos, and UC4. Access to student records is limited to individuals with a documented legitimate educational interest and must be approved by the appropriate data owner:

Functional AreaData Owner
AdmissionsDirector of Admissions
FinanceComptroller
Financial AidDirector of Financial Aid and Scholarships
GeneralDirector of University Computing Services
Human ResourcesDirector of Human Resources and Student Employment
PayrollPayroll Accountant Supervisor 2
StudentRegistrar

It is the responsibility of the functional area data owners to determine the level of access to systems and student data based on individual employee responsibilities, job functions, and reporting requirements.

Procedure to Request Access to Student Records

  1. Requestor completes the electronic Access Request Form.
  2. Requestor obtains supervisor approval.
  3. Requestor submits the form to University Computing Services (UCS).
  4. UCS secures data owner authorization and processes the request.

Supervisors are responsible for requesting revocation or modification of access upon role change, separation, or misuse.

Security and Audit

University Computing Services conducts quarterly audits of user access to student systems. Data owners review access lists and authorize additions or removals as needed to maintain compliance and ensure data integrity.

Communication

This policy is distributed via the University Policies webpage.

Related University Policies