Data Privacy Quick Reference Guide

  • Minnesota State University Moorhead's Student Record Policy governs the conduct of University employees who act in the student's educational interest within the limits of the employee's need to know.

    Student records maintained by the University fall into two general categories: public directory information and educational records. Employees of the university have access to both categories. It is the employee's responsibility to be aware of the FERPA policy.

    You must:

    • Store and share information under secure conditions.
    • Make every effort to ensure students' privacy.
    • Refuse to discuss contents of student records unless there is a legitimate educational interest attached to the discussion.
    • Destroy printed information per departmental procedures.
    • Release information to a third party only if authorized approval is given.
    • Never represent summary data from files as "official" university data.

    What does all this mean?

    • Do not leave confidential information unattended.
    • Do not share your password with anyone.
    • Clear your screen when you leave your workstation.
    • Do not post grades in a public place using Name, Dragon ID or SSN.
    • Do not leave graded papers in a public place for pickup.
    • Check for a confidential warning (Red Notice) on a students record before giving out directory information.
    • Do not give out a student's class schedule to anyone.
    • Do not give out grades over the phone.
    • Always ask for a picture ID from the student before discussing their record.

  • What is Directory Information?

    MSUM may disclose directory information of students. Directory information includes:

    • Name, local and permanent (hometown) address
    • Telephone number
    • Major and minor fields of study
    • Class level
    • Dates of enrollment
    • Full-time/part-time status
    • Awards and honors (including Dean's list)
    • Previous educational institution(s) and dates attended
    • Past and present participation in officially recognized activities and sports
    • Height and weight of athletes
        

    MSUM designates the following information as limited directory information:

    • student Star ID number
    • electronic mail addresses (email addresses)
    • photographs taken and maintained by MSUM for various purposes
        

    Accordingly, this information will not be provided to external parties not contractually affiliated with MSUM. Use and disclosure of this information shall be limited to publication on websites hosted by, on behalf of, or for the benefit of MSUM, including the online directory and those officials within MSUM who have access, consistent with FERPA, to such information.

    Students may refuse to permit the disclosure of directory information if they notify MSUM's Registrar in writing they do not want such information disclosed.

    It can be confusing on what data is classified and how it needs to be handled. This guide will help you determine what classification the data is in and what software can be used to convey this data or where/if it can be stored. You can also reference the list of recommended resources on how to store and share data.

    Data Classification
    Examples
    Recommendations
    Data Classification
    Highly Restricted Data
    Example
    Social Security Numbers
    Bank Routing Numbers
    Credit Card Numbers
    Passwords and PINS
    Personal Medical
    Records
    Biometric Records
    Investigation Data
    NDA Protected Content
    Recommendation
    Store only with IT approval
    Talk to Data Security
    Do not Email
    Do not store on USB keys
    Do not access or store on any personal devices
    Delete when done!
    Data Classification
    Restricted Data
    Example
    Student Grades, Schedule, Class Lists, Photos, Attendance
    Transcripts
    Discipline Reports
    Donor Data
    Performance Reviews
    Log Usage
    Trade Secrets/IP
    Non Directory Demographics (age, race, ethnicity, veteran)
    Recommendation
    Store only with approval
    Store only on university provided resources: OneDrive, Office 365, Network Storage, Encrypted University Computer
    Avoid Emailing Restricted Data
    Removable storage must be encrypted (USB, thumb, flash drives & external disks)
    Do not store in Google, Mozy or DropBox
    Use MoveIT Transfer
    Delete when possible!
    Data Classification
    Low (Public) Data
    Example
    FERPA Directory Data: Preferred Name, Local Address, Email Address, Dates of Enrollment, Classification (freshman, sophomore, junior, senior), Degrees Conferred, Sports Affiliation
    Employee: Job Title & Photo, Work Location & Phone, Email Address, Salary, Employment Dates, Bestowed Honors
    Campus Maps
    Job Postings
    Recommendation
    Share only with authorization