Data Privacy Quick Reference Guide
Minnesota State University Moorhead's Student Record Policy governs the conduct of University employees who act in the student's educational interest within the limits of the employee's need to know.
Student records maintained by the University fall into two general categories: public directory information and educational records. Employees of the university have access to both categories. It is the employee's responsibility to be aware of the FERPA policy.
You must:
- Store and share information under secure conditions.
- Make every effort to ensure students' privacy.
- Refuse to discuss contents of student records unless there is a legitimate educational interest attached to the discussion.
- Destroy printed information per departmental procedures.
- Release information to a third party only if authorized approval is given.
- Never represent summary data from files as "official" university data.
What does all this mean?
- Do not leave confidential information unattended.
- Do not share your password with anyone.
- Clear your screen when you leave your workstation.
- Do not post grades in a public place using Name, Dragon ID or SSN.
- Do not leave graded papers in a public place for pickup.
- Check for a confidential warning (Red Notice) on a students record before giving out directory information.
- Do not give out a student's class schedule to anyone.
- Do not give out grades over the phone.
- Always ask for a picture ID from the student before discussing their record.
What is Directory Information?
MSUM may disclose directory information of students. Directory information includes:
- Name, local and permanent (hometown) address
- Telephone number
- Major and minor fields of study
- Class level
- Dates of enrollment
- Full-time/part-time status
- Awards and honors (including Dean's list)
- Previous educational institution(s) and dates attended
- Past and present participation in officially recognized activities and sports
- Height and weight of athletes
MSUM designates the following information as limited directory information:
- student Star ID number
- electronic mail addresses (email addresses)
- photographs taken and maintained by MSUM for various purposes
Accordingly, this information will not be provided to external parties not contractually affiliated with MSUM. Use and disclosure of this information shall be limited to publication on websites hosted by, on behalf of, or for the benefit of MSUM, including the online directory and those officials within MSUM who have access, consistent with FERPA, to such information.
Students may refuse to permit the disclosure of directory information if they notify MSUM's Registrar in writing they do not want such information disclosed.
It can be confusing on what data is classified and how it needs to be handled. This guide will help you determine what classification the data is in and what software can be used to convey this data or where/if it can be stored. You can also reference the list of recommended resources on how to store and share data.
Bank Routing Numbers
Credit Card Numbers
Passwords and PINS
Personal Medical
Records
Biometric Records
Investigation Data
NDA Protected Content
Talk to Data Security
Do not Email
Do not store on USB keys
Do not access or store on any personal devices
Delete when done!
Transcripts
Discipline Reports
Donor Data
Performance Reviews
Log Usage
Trade Secrets/IP
Non Directory Demographics (age, race, ethnicity, veteran)
Store only on university provided resources: OneDrive, Office 365, Network Storage, Encrypted University Computer
Avoid Emailing Restricted Data
Removable storage must be encrypted (USB, thumb, flash drives & external disks)
Do not store in Google, Mozy or DropBox
Use MOVEit Transfer
Delete when possible!
Employee: Job Title & Photo, Work Location & Phone, Email Address, Salary, Employment Dates, Bestowed Honors
Campus Maps
Job Postings