(FERPA) OF 1974 AS AMENDED
FERPA guarantees that personally identifiable information from a current or previously enrolled student may NOT be disclosed to a third party without written consent from the student. Therefore, with the exception of directory information:, Ferris State University employees may access student educational records only on the basis of their NEED TO KNOW, DIRECTORY INFORMATION consists of the following: student name, address, telephone number, curriculum, dates of attendance, degrees and awards received, previous educational agency or institution attended by the student, participation in officially recognized activities and sports, and weight and height of members of athletic teams.
Please review this policy as you receive requests for information concerning students. In cases where you have a doubt as to whether particular information concerning a student should be disclosed, contact your supervisor or data custodians for guidance. It is your responsibility of all staff members to seek out (from the designated staff in the office where data originates) any training that is necessary to utilize the data accurately and effectively.
Each person requesting access to data screens will be issued a security password and their transactions will be logged to this password. The password must be changed periodically by the user. Use of this password is subject to the following:
- Use only your own ID and password. A student employee must have his/her own ID!!
- Be sure this password in not visible to others.
- Position the display screen such that a third party cannot access information.
- Log off or lock the terminal or microcomputer anytime you leave it.
The following guidelines must also be followed when accessing data:
- Screens approved for display should be interpreted with caution, and specific questions should be referred to the department authorizing access. Training should be sought directly from that office.
- All hard copy or back-up documentation accessed from or pertaining to a screen must be secured or shredded after use is complete.
- The department manager must notify Computer Data Security personnel upon termination or relocation of any employee accessing secured data.