Student Education Records
Definition: Records that contain information directly related to a student and that are maintained by the university or by a person acting for the university.
Governing Authority: The Family Educational Rights and Privacy Act (FERPA)
Responsible Operating Unit: Registrar's Office
Examples: Such data sets would include student transcripts and grades, degree information, class schedule, advising records, disciplinary records, athletics or department recruiting information, wire transfer information, financial aid, accounting, loan information, student tuition bills, advising records, and other non-directory information. For further information see the Registrar's FERPA website.
Special Considerations: Several years ago Ohio University used SSNs as identifiers, but has stopped using them. Instead, Ohio University uses a PID to identify individuals without needing to use a sensitive piece of information. The Information Security Office does not condone the storage of SSNs, and encourages departments to securely destroy such information according to their records retention schedules.
Acceptable IT Services & Tools:
- None without consultation.
- OnBase - With OIT consultation.
- OneDrive/O365 Groups - Only with OIT consultation and Group setup according to the Storing Sensitive Data within OneDrive Standard.
- NAS departmental shared storage (shared.ohio.edu) - With OIT consultation to ensure data is encrypted.
- NAS individual home storage (home.ohio.edu) - With OIT consultation to ensure data is encrypted.
- Blackboard - With OIT consultation.
- PeopleSoft - With OIT consultation.
- Qualtrics - With OIT consultation.
Not Permitted IT Services & Tools:
- OneDrive/O365 individual accounts
- Personal cloud accounts
- Personal/Non-University owned devices
If you don't see the IT service or tool listed that you wish to use to store data classified as medium or high sensitivity, contact Information Security to determine if it's appropriate for your data type.