10 questions to consider to help prevent breaches in student record security

The security of student records is a significant responsibility in any higher education office. From college and university administrators to student workers, everyone who handles student records needs to be aware of policies and procedures for handling student data, computers must be secure and virus-free, and desks must be maintained so that confidential information isn’t on display.

Preventing security breaches is a serious obligation that requires ongoing training, internal audits and staff vigilance.

10 questions to consider regarding employee security

  1. Do all of your employees take FERPA training of some kind?
  2. Do all employees sign a confidentiality statement yearly?
  3. Do you use contractual terms and conditions to ensure that all employees agree to comply with the information security restrictions and obligations that control how they use assets and access information systems?
  4. Have you reduced the risk of data fraud or misuse of facilities by making sure all vendors understand their responsibilities before they begin working, and all employees understand their responsibilities and code of conduct? (This should be reviewed yearly.)
  5. Have you reduced the risk of fraud of data misuse by making sure that staff members in departments other than the Office of the Registrar with access to protected data understand their responsibilities with regard to protecting students?
  6. Are your organizations security roles and responsibilities defined in accordance with your security policy?
  7. Do your employees understand that they must comply with the security policy?
  8. Do your employees understand that assets such as official transcript paper must be protected as well as students’ information?
  9. Do your employees understand the ramifications if security is violated?
  10. Do your employees lock their computers when away?

Employee security is only part of the big picture of protecting student records. Other issues must also be attended to, such as physical space security, document disposal, working with vendors and preparing an incident response plan.

These and other concerns are discussed in depth in Chapter 6 (“Security of Student Records”) of the recently updated AACRAO 2016 Academic Record and Transcript Guide.

Other chapters in the Guide include:

  • Current Issues (e.g. disciplinary annotations, name change recommendations and reissuance of a diploma);
  • Database and Academic Transcript Components;
  • Transcript Key;
  • Nontraditional Work and Continuing Education Unit Records;
  • Transcript Services and Legal Considerations; and
  • Fraudulent Transcripts.

In addition, the Guide aims to educate the reader on the differences between “database” and “academic record or transcript,” and presents 54 database and transcript components, along with recommendations as to whether their use is Essential, Recommended, Optional or Nor Recommended.

To order the AACRAO 2016 Academic Record and Transcript Guide and check out other AACRAO publications, visit the AACRAO Publications website.

In addition, check out the FERPA offerings at this year's AACRAO Annual Meeting, March 20-23 in Phoenix, Arizona.

AACRAO Senior Fellow LeRoy Rooker will be presenting

Registrar 101 & FERPA (Part I)

FERPA: the Overview

FERPA: the Update

Applying FERPA in Real-life Situations

FERPA and Admissions Records Requests: The View from the Registrar's Desk

To register and for more information, visit the AACRAO Annual Meeting page.