March 12, 2012
To: Campus Community
From: President Mohammad H. Qayoumi
Subject: Presidential Directive 2008-02
INSTITUTIONAL POLICY ON ACCESS AND CONTROL OF INFORMATION CONTAINED IN STUDENT RECORDS
The purpose of this Presidential Directive is to ensure that San José State University continues to comply with all Federal and State legislation and California State University policies regarding the access and control of information contained in student records.
The use of institutional data to assess our progress in achieving university goals and in making course adjustments in our strategic planning efforts is a highly valuable resource, which is becoming ubiquitous in campus-wide operations.
The collection, storage, analysis, dissemination and overall management of institutional data is a complex interdivisional undertaking that requires participation and cooperation from a number of units including Administration and Finance, Human Resources, Institutional Research, University Advancement, Enrollment Services, Academic Planning and Budgets and others.
In order to establish institutional policies to manage and to provide timely and efficient availability of institutional data reports for all users, an Institutional Data Management Council (IDMC) was formed in May, 2007 to develop campus policies and operational procedures for the management and delivery of such data.
The Council is composed of the AVP for Institutional Research (who serves as the convener and as a co-chair), the AVP for Enrollment Services (a co-chair), the AVP for Finance (a co-chair), the Senior Manager for the CMS Project, the Vice Provost for Academic Planning and Budgets, the AVP for Human Resources, and the Executive Assistant to the President. The IDMC has an executive committee comprised of the three co-chairs and the Executive Assistant to the President. The Council reports directly to the President.
The IDMC's initial charge was to develop and recommend policies on the access and control of student and employee institutional data, and subsequently to establish within that framework and in consultation with the President operational groups as needed to facilitate fulfilling requests for institutional data by a multiplicity of both on-campus and off-campus users and to engage in on-going evaluation of its operation and recommend changes therein to the President as needed to improve its functional effectiveness.
Presidential Directive 2008-02 on the Access and Control of Information Contained in Student Records, which follows, and Presidential Directive 2008-03 on the Access and Control of Information Contained in Employee Records, represent the completion of the initial phase of the IDMC's work.
Institutional Policy on Access and Control of Information Contained in Student Records
Institutional policy for the access and control of information contained in student records operates, at the minimum, in compliance with the SJSU Academic Senate Policy S66-20 Confidentiality of Student Records as well as state and federal statutes, including, but not limited to the federal Family Educational Rights and Privacy Act (FERPA). In order to provide timely and efficient availability of institutional data reports for all users, an Institutional Data Management Council (IDMC), appointed by the President, is in charge of the development of institutional policies and operational guidelines for the management and delivery of such data.
The policy is based on the following principles:
1. Accuracy: Accuracy of data is the responsibility of all members of the university community, even though accountability is assigned to particular units and individuals.
2. Responsiveness: The University is committed to the principle of continuous improvement in its responsiveness in providing institutional data.
3. Limited Redundancy: Since duplication of data increases the likelihood of data inaccuracy and effort, the university will strive to reduce excessive redundancy in its data and systems.
4. Security: The University is committed to securing confidential data while providing reasonable access to authorized users.
Additional concerns or questions that are not addressed in this document should be submitted to the IDMC for recommendations on a case by case basis.
RELEASE OF INFORMATION TO THE PUBLIC
Beyond disclosure that is required and/or permitted by FERPA, no individual data other than enrollment status and degree verification (if applicable) are provided to the general public, including individuals, businesses, or organizations. The university does not produce a student directory. Additional information regarding the Confidentiality of Student Records may be obtained at http://www.sjsu.edu/studentconduct/docs/FERPA.pdf [You will need Acrobat Reader to view PDF files. Download now.]
External release of student contact information is prohibited in the University’s policy related to Confidentiality of Student Records as well as state and federal statutes, including, but not limited to the federal Family Educational Rights and Privacy Act (FERPA). Exception to the state and federal requirements stated in the previous paragraph are provided for three types of requesters: recognized educationally related organizations, National Student Clearinghouse, and United States military recruiters. Requests from educationally related organizations must be for educational purposes such as the awarding of scholarships. They cannot include a solicitation for membership or purchase of any service. Requests for individual student data from recognized educationally related organizations may come to IDMC with senior administrators and/or the University Registrar as the requestor. The requestor shall ensure that the Institutional Review Board (IRB) and any other necessary approvals are in order before submitting the request to IDMC for consideration. If approved, student contact data is released to the requesting unit for one-time contact with the student as defined in the request. The requestor must agree to use any released data only for the purposes specified in the request and must agree that released data will not be reproduced, published, publicly posted, or used for any secondary purpose. The requestor must agree to destroy any data with personal information once the purpose of the request is completed. Outside agencies found to violate this by reusing or redistributing the contact data may be banned from receiving any further student information from SJSU. For all verifications of student enrollment and degrees, SJSU has authorized National Student Clearinghouse (NSC) to act as its agent. More information regarding NSC may be obtained at www.studentclearinghouse.org. Degree verification for the most recent term is available approximately eight weeks after the term ends. In addition, the University Registrar's Office provides student contact data for registered and enrolled students to United States military recruiters. Recruiters should contact the Registrar to make a request for student contact data.
Other limited exceptions under FERPA for disclosures to outside individuals or organizations such as financial aid funding agencies, accrediting organizations, and individuals needing to know personal information for health and safety reasons are described in greater detail at http://www.sjsu.edu/studentconduct/docs/FERPA.pdf.
INFORMATION FOR USE WITHIN SAN JOSÉ STATE UNIVERSITY
1. Requesting Individual Student Data
To obtain data from individual student records, a request must be submitted in writing. Approved requests will be assigned to the appropriate university office(s) for response. Release of Social Security numbers is not permitted.
Medical and psychological treatment records are excluded as part of this policy. Requests for medical and psychological records are evaluated and granted on a case by case basis by Directors of Student Health Center for medical treatment records and Counseling Services for psychological treatment records.
If approved, student contact data is released to the requesting unit for one-time contact with the student as defined in the request. Requests for student contact data may be made on a categorical basis of demographic variables, but no additional demographic data may be provided beyond that inherent in the categories of request.
All student data are released for internal use by the requestor only, except as defined in section 1.1.2, Research Use. The requestor, and specified designees, must agree to use any released data only for the purposes specified in the request and must agree that released data will not be reproduced, published, publicly posted, or used for any secondary purpose. The requestor also agrees that he or she will destroy any data with personal information once he or she no longer has a legitimate educational interest in the data. Misuse of any such data may subject requestors or their designees to civil or criminal penalties and/or university discipline.
Any dispute regarding a request for release of student data may be submitted to the IDMC for resolution using a petition for hearing. The FERPA standards and any other relevant federal or state law or university policy will govern the resolution.
1.1. Individual Student Data Access Privileges and Procedures
The authorization process and type of student data that may be provided varies according to the administrative or academic responsibilities of the requestor. Requests for student data are evaluated and approved for the following purposes.
1.1.1 SJSU Administrative Use
Requests for release of individual student data are evaluated on a case by case basis. Authorization to submit a request for release of individual student data must first be approved or denied by the appropriate area senior administrator. Requests that have been approved for submission are then reviewed, and approved or denied, by the appropriate senior administrators and/or the University Registrar. Requests must demonstrate a legitimate educational interest and must be relevant to the academic or administrative responsibilities of the sponsoring individual, department or organization (hereafter referred to as the requestor).
1.1.2. Research Use
With appropriate approval, all individual student data may be provided to researchers affiliated with SJSU, or working in conjunction with SJSU faculty or management personnel. Disclosure is required.
The requestor must submit proof of SJSU Institutional Review Board (IRB) approval when making a request for any student data to be used in scholarly research. If the requestor is a matriculated student, the request must be authorized by the researcher's faculty advisor at SJSU, by the faculty advisor’s department chair or director, and by the college dean of the sponsoring department at SJSU. In instances where the sponsoring department does not report to a college dean, the request must be authorized by the appropriate senior administrator for that unit.
Requests from researchers for surveys of students will be evaluated by the University-wide Survey Committee to determine the institutional impact of surveying students, e.g., to ensure that students are not asked to participate in an inappropriately high number of surveys. The committee will then make recommendations to the IDMC for the final approval. See Appendix A for more detail on the University-wide Survey.
1.1.3. Student Organization Use
Student contact data, but not demographic or academic performance data, may be provided to SJSU student organizations that are registered with the Office of Student Involvement within the Division of Student Affairs. Requests from student organizations must be authorized by Vice President for Student Affairs, or designee. Examples include, but are not limited to, requests from student governments serving undergraduate and/or graduate students, student organizations or student officials affiliated with the Academic Senate or any of its Committees, university sponsored fraternities and sororities, and all other student organizations registered with the Office of Student Involvement.
2. Requesting Aggregate Data
Aggregate data is defined as data that are compiled or computed, and that exclude any record-level values of any nature, including but not limited to personal identifying information such as names and/or SJSU Identification numbers (EMPLID). Requests for aggregate student data are evaluated on a case by case basis. Submitted requests are approved or denied by the appropriate senior administrators and/or the Office of Institutional Research.
Requests from recognized external educationally related organizations such as educational associations or governmental entities with responsibilities to education are reviewed by the senior administrators and/or the Office of Institutional Research and may be referred to IDMC for further review as appropriate.
3. Use of Student Data for Mass Email Service
Requests for the university’s use of mass email service are evaluated on a case-by- case basis and are approved or denied by senior administrators of the Office of Public Affairs within the Division of University Advancement who will notify the University Computing and Telecommunication (UCAT) for processing. Email surveys must be conducted as described in section 1.1.2, Research Use, prior to submitting this request. Only university email addresses will be used.
Requests must demonstrate a legitimate educational interest and must be relevant to the academic or administrative responsibilities of the sponsoring department or organization. The Public Affairs and/or Registrar's Offices reserve the right to edit and format emails according to university publications standards. The requesting department must provide an SJSU email address where recipients may send replies and where returned email is sent. The requesting department assumes responsibility for replies and returned email. No attachments can be accommodated. Additional information must be posted on a separate website with an appropriate link provided in the email.
Appendix A. University-Wide Survey
The responsibility of this committee is to ensure that university-wide surveys of campus faculty, staff, and student opinions are conducted in a manner that minimizes redundancy and frequency of surveys and follows guidelines for survey deployment. In order to achieve these goals, all university-wide surveys of faculty, staff, and student opinions will be coordinated through the University-wide Survey Committee.
Definitions and Scope
1. University-wide survey is defined as a survey.
a. where the target population is drawn from more than one department or unit and/or is randomly selected.
b. where the surveyed activities or services span a significant proportion of the student or employee population.
2. This policy applies to any university-wide survey of the campus community except for the following conditions:
a. surveys for individual classroom research projects, or any research gathering information for theses, dissertations, publications, or scholarship that does not require widespread involvement of SJSU students; and
b. surveys that involve personnel within the initiator’s immediate department.
c. "focused" surveys are those given to a defined population for a specific operational purpose, (including course evaluations; surveys targeting a limited, well-defined group of respondents for a narrowly defined purpose).
The responsibility for implementing and administering this policy shall be delegated to the University-wide Survey Committee.
1. Survey Committee Composition
One representative each from Academic Affairs, Student Affairs, Administration and Finance, Institutional Research (selected by their respective Vice President), and one representative from the President’s Office (selected by the President). Experience in survey research is recommended.
2. Committee Tasks
a. Coordinate the administration of surveys to minimize overlap and duplication
b. Provide support for survey development, administration and analysis
c. Ensure that the information being sought is not already available in another form
d. Approve survey requests by entities outside of the California State University system
3. Frequency of meetings of the Survey Committee; Once per semester or as needed.
Required Process for Administering University-wide Surveys
a. The request must be submitted to the Office of Institutional Research one month prior to the first day of classes (for both fall and spring).
b. For scholarly research, proof of SJSU Institutional Review Board (IRB) approval is required.
c. If the requestor is a matriculated student, the request must be authorized by the researcher's faculty advisor at SJSU, by the faculty advisor’s department chair or director, and by the college dean of the sponsoring department at SJSU. In instances where the sponsoring department does not report to a college dean, the request must be authorized by the appropriate senior administrator for that unit.
d. If authorized, submit the Authorization to Conduct Survey Research Form (www.iea.sjsu.edu/UWSC.pdf), a draft of the survey items, and other supporting materials to the University-Wide Survey Committee approximately thirty days prior to the beginning of administering semester.
If individual student data are released, they must be used by the requestor only. The requestor, and specified designees, must agree to use any data provided only for the purposes specified in the request and must agree that data obtained will not be reproduced, published, publicly posted, or used for any secondary purpose.