Faculty Access to Student/FERPA Data

As part of their normal duties, faculty members have access to student data that is considered confidential by the Family Educational Rights & Privacy Act (FERPA). ECU has designated FERPA data as Level 3 Sensitive/Confidential according to the ECU Data Classification standard. It’s important that sensitive data is protected from both intentional and unintentional disclosure. More information pertaining to FERPA is available at https://registrar.ecu.edu/family-educational-rights-privacy-act/.

Secure computing practices should be followed to ensure protection of sensitive university data. Please follow the guidelines below:

  • Data Storage – Sensitive university data, including FERPA data, should only be stored on approved university storage. This includes grades and student coursework. Sensitive/FERPA data should only be stored on approved university storage in accordance with ECU’s Sensitive Data Storage and Transmission guidelines.
  • Data Access – Canvas, Banner and DegreeWorks can be accessed from a personal device, but data should only be exported to approved university storage.*
  • Grades – Faculty are strongly encouraged to use Canvas for storing grades, as opposed to spreadsheets, which allows for greater control of access, aggregate grading trends, comparisons, etc. Grading spreadsheets (or other formats) should only be stored on university-approved storage such as OneDrive or Piratedrive, according to ECU’s Sensitive Data Storage and Transmission Guidelines.
  • Coursework – Student course materials (homework, projects, papers, etc.) are part of the educational record and should also be stored and edited on approved university storage.
  • Student Recordings – Recording and storing recordings should be done through an approved university software, currently Teams and/or Canvas studio. Students must give consent in order to be recorded.
  • Be mindful of what you put in email as it is subject to public record laws!
  • Any exceptions to these guidelines must be made to the Registrar’s Office and approved by the Registrar, Provost and CIO.

Did you know? University-owned storage allows access from anywhere, is long term and can allow for institutional access in emergency situations. Learn more at OneDrive.

NOTE: Personal devices used to check ECU email that may contain sensitive data must be encrypted. Please see the Related Articles section on this page for specific ECU guidelines on encrypting personal mobile devices, or follow the manufacturer's instructions to ensure encryption of your personal device:

Details

Article ID: 67685
Created
Thu 4/7/22 1:06 PM
Modified
Mon 6/13/22 1:21 PM
Service Owner
Communications and Online Content Management

Related Articles (1)

All mobile devices used to access ECU email or other business functions require the device meet security requirements and be encrypted. This article outlines how to enable encryption on your personal mobile device.