Student Records

Student records are one of the most sensitive forms of data that the University stores. These records are defined as any record maintained by the university or an agent of the university that is directly related to a student, with the exception of employment records, Public Safety records, medical records, and alumni records. Student records contain, but are not limited to, personally identifying information such as: name, parents' names, address of the student and family, personal identifier such as social security number, lists of identifying personal characteristics, or any combination of this information.

Why?

Student records are protected under the Family Educational Rights and Privacy Act (FERPA). In addition, there are several university policies aimed at complying with FERPA and protecting students' privacy.

Getting Started

  1. Store student records on network drives or in Tufts approved applications, like SIS. If you no longer have a business need for the information, securely delete the files using an application like Identity Finder. Note that Identity Finder will identify student ID numbers that start with "991" as social security numbers. Student ID numbers with no additional information (like names, addresses, or phone numbers) do not qualify as Personally Identifiable Information (PII)
  2. Work with your Information Steward to change your business practices so student records are not stored on individual computers. The records should stay in the application and never need to be copied over to a device. A device can be left on the T, but a network drive cannot.
  3. For added security, follow the "Advanced" section of our Security Tips page.

Documentation

Guide to Massachusetts Data Privacy Laws
FERPA rights
Information Classification and Handling Policy
Confidential Records Destruction