Comprehensive Standard 3.9.2: Student Records
The institution protects the security, confidentiality, and integrity of student records and maintains special security measures to protect and back up data.
The University of South Florida Sarasota-Manatee (USF Sarasota-Manatee) protects the security, confidentiality, and integrity of its student records by following the requirements of the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99, Electronic Code) and USF System Regulation 2.0021 on Student Records. In accordance with the Student Records Regulation 2.0021 and the Florida Statutes 1002.225 and 1006.52, each year USF Sarasota-Manatee publishes the Student Records Policy in its Academic Catalog.
The institutions within the USF System, including USF Sarasota-Manatee, share the Banner Student Information System and have security measures (e.g., to safeguard and back up student records). Student records in every USF Sarasota-Manatee office are housed in a locked or secured place. Additionally, technical support staff regularly back up, archive, and store information in the student systems locally and at off-site locations.
USF Sarasota-Manatee handles and maintains all student records in accordance with the strictest security and confidentiality guidelines stipulated by the Family Educational Rights and Privacy Act (FERPA) Guidelines. The regulation regarding student records conforms to professional standards of the American Association of Collegiate Registrars and Admissions Officers (AACRAO). The statewide Division of Library and Information Services, Department of State, publishes the General Records Schedule GS-5 for public universities and colleges. This published policy provides public universities and colleges in Florida with the minimum requirements for the disposal of specific student records and identifies those records that must be retained permanently. As a public university, USF Sarasota-Manatee observes all prescribed minimum records retention periods, follows disposal requirements, and permanently maintains all records identified in Schedule GS-5 and the University of South Florida Student Records Management Manual.
The Banner Student Information System maintains electronic student records, requires a secure login and password, and resides on a secure server at USF in Tampa. Technical support staff members in Tampa conduct daily incremental backups and weekly backups of the entire student record system. The Office of Information and Decision Support Systems staff members on the USF campus in Tampa serve as the student data custodians, who manage all aspects of access to student information, including the levels of authority for access and control of student records. Authorized users access the student records system with a unique logon ID and password. To receive Banner access, employees must complete the FERPA Tutorial and score at least 80% on the quiz. Then, a data custodian sends an e-mail to the employee’s USF email address with the Request for OASIS/Banner Access Form. The form must be signed by the Accountable Officer and the employee and then sent to Educational Information Systems Security for evaluation and processing.
The Assistant Director of Admissions, the Director of Advising, and the Assistant Director of Records and Registration are responsible for the secure management of undergraduate application and financial aid records and the efficient processing of enrolled-student documents for USF Sarasota-Manatee and the off-campus instructional sites. Each employee has her/his own password to retrieve student records. Employees change their passwords regularly. As part of termination procedures, the data custodians eliminate logins and passwords when employees leave USF Sarasota-Manatee. The staff lock their computer stations when they leave their desks, and they ensure that the areas with physical student records are always locked and secured. The USF System has guidelines to manage Physical Security Guidelines, Electronic Security Guidelines, and the Retention and Disposition of Records Guidelines. The USF System has maximum security protections designed into its data processing systems, including Disaster Recovery/Business Resumption. Back-ups of data and extra copies are stored in secure off-campus locations as a safeguard against destruction, system failure, and other man-made or natural disasters. Information Technology personnel have also developed an IT Security Plan and test the “warm backup site” regularly that contains hardware similar to the data center.
USF Sarasota-Manatee uses a document-imaging program within the Banner Student Information System. By eliminating various steps within the enrolled student record transmittal process, the imaging program enhances security and provides more effective access to student records. Because the imaging program is included in the regular backups of the student databases, the document-imaging program provides USF Sarasota-Manatee with greater capacity to protect and recover student documents.
Academic Advising also images student documents and stores them in the iSynergy document-management system. USF Sarasota-Manatee uses Hobsons Enrollment Management Services. Student information from the Banner Student Information System is transferred into the Hobsons software modules to facilitate communication with students and assist retention efforts. Access to Banner and the Hobsons modules is limited through an authorization process, and logins are password-protected. As part of termination procedures, the data custodians eliminate logins and passwords when employees leave USF Sarasota-Manatee.
Judicial Services and Students with Disability Services maintain confidential student information in accordance with FERPA and all pertinent policies. Staff keep records in locked offices or files and prohibit unauthorized access.
The Registrar promptly investigates any internal infractions or violations of usage. In investigating and responding to external or third party security breaches, the Registrar follows the Department of Education’s Regulations on Safeguarding Personally Identifiable Information. These include notification to individuals, when appropriate.
SUPPORTING DOCUMENTATION & EVIDENCE