Confidentiality of and Access to Student Records Policy
Authority: President
Date Enacted or Revised: Enacted August 2016; Revised March 20, 2022
Purpose
The Family Educational Rights and Privacy Act (FERPA) permits University officials to access and use student records for legitimate educational purposes. This policy outlines the expectations for maintaining security, confidentiality, and integrity of student records and the procedures for granting access to and revoking access from electronic student records for University officials.
Student Records
Student records are defined as educational records that contain information directly related to a student and are maintained by a University official. Educational records do not include:
- Sole possession records (records that are kept in the sole possession of the maker which are used only as a personal memory aid and are not accessible or reviewed by any other person except a temporary substitute for the maker of the record);
- Employment records, provided employment is not contingent upon being a student;
- Law enforcement records;
- Medical records; or
- Post-attendance records.
Under FERPA, a University official is determined to have legitimate educational interest in student records if the information is necessary to:
- Perform appropriate tasks that are specified in their position description or by a contract agreement;
- Perform a task related to a student’s education;
- Perform a task related to the discipline of a student; or
- Provide a service or benefit relating to the student or student’s family, such as healthcare, counseling, job placement, or financial aid.
For the purposes of FERPA, the definition of a University official includes, but is not limited to:
- A person employed by the institution in an administrative, supervisory, academic, research, or support staff position;
- A person serving on an institutional governing body;
- A person employed by, or under contract to, the University to perform a special task, such as an attorney or an auditor;
- A person or organization acting as an official agent of the University, and performing a business function or service on behalf of the University, which the University would normally perform itself;
- A student serving on a committee; or
- A student assisting another school official in fulfilling their professional responsibilities.
Responsibilities of University Officials
Access to, and use of, student record data are privileges which must be accepted in strict compliance with FERPA and with the highest standards of ethical and professional behavior. University officials are required to abide by the policies governing review and release of student education records. Inappropriate use or misuse of student records is a violation of University policy as well as state and federal laws and could result in University disciplinary actions, up to and including termination, as well as civil and/or criminal prosecution.
Examples of inappropriate use of student records include, but are not limited to:
- Accessing or reviewing a student’s record without a legitimate educational interest;
- Releasing confidential student information (non-directory) to a third party without a student’s written consent;
- Leaving reports or computer screens containing student information unattended or in view of others who should not have access;
- Discussing information contained in a student’s record outside of the University or with others who do not have a legitimate educational interest in the information;
- Removing student records from where they are maintained except in the performance of duties;
- Using information from student records for personal business or gain; and
- Sharing assigned passwords with others.
Access to Electronic Student Records
Electronic student records are maintained in Banner, the University’s student information system; Degree Works; Workflow; and BDM (Banner Document Management). Argos and UC4 systems are reporting tools used to access and retrieve student data. Access to student data in Banner, Degree Works, Workflow, BDM, Argos, UC4, or any other system maintained by the University is only granted to individuals with a job-related, legitimate educational interest. Access to specific student data is granted by approval of the data owner (or designee) of the functional area which oversees the student data being requested:
Functional Area | Data Owner |
Admissions | Director of Admissions and Recruiting |
Finance | Comptroller |
Financial Aid | Director of Financial Aid |
General | Director of University Computing Services |
Human Resources | Director of Human Resources and Student Employment |
Payroll | Payroll Accountant Supervisor 2 |
Student | Registrar |
It is the responsibility of the functional area data owners to determine the level of access to systems and student data based on individual employee responsibilities, job functions, and reporting requirements.
To request access to Banner and related systems, a University official (data user) completes the Access Request Form, obtains their supervisor’s approval, and submits the form to the Office of University Computing Services (UCS). Upon receipt of the form, UCS obtains approval of data owners and processes the request. Once access is assigned, the data user is notified via their McNeese email address. If a new account has been created, the data user presents a photo ID to UCS to obtain their login credentials. When a data user transfers to another position or leaves the University, it is the responsibility of the data user’s supervisor to request that access be modified or terminated.
To protect the security, confidentiality, and integrity of student data, the director of UCS initiates quarterly audits of user access. During the audits, data owners review user access and make modifications as needed and with appropriate documentation.
Communication
This policy is distributed via the Administrative Advisory Council and the University Policies webpage.