FERPA clearly states that student information may only be released to the student and to anyone the student has given written consent. In person is the most secure way to discuss student records, however, many times that is not an option. When the student grants written consent, the recipient sets up a security phrase for use in these situations. In order to avoid giving a hacker sensitive information, follow these guidelines for student privacy and security.
Electronic Communications
- Do not put sensitive information in the subject line such as name or NUID. Hackers can easily scan subject lines as well as anyone in close proximity.
- Always blind copy (BCC) students when emailing a group of students.
- Do not communicate grades or other sensitive information in an email. Instead, use Blackboard, Canvas, or another secure platform.
- Always use appropriate and professional language in the message.
Phone
- Avoid discussing sensitive issues over the phone. Try to speak in person if possible.
- If necessary to discuss over the phone, have the caller use the security phrase set up on MyRED for those who have written consent.
- Never leave a message with sensitive information.
- For school officials, law enforcement, or other individuals who meet the university's exceptions, use caution and reasonable effort to verify the identity of the caller.
Fax
- Do not send private information through fax.
Social Media
- Do not place personally identifiable student information on any social media websites.
- Advise students to use caution when using these sites.