Body
Many Texas A&M employees work daily with confidential information. It is our responsibility to protect it by becoming familiar with what data is confidential, the technologies that can protect this information and the practices that help prevent its release.
What information is confidential?
Confidential information must be protected from unauthorized disclosure or public release based on state or federal law. Examples of confidential information include but are not limited to the following:
- Social Security numbers (SSNs)
- Some Research Data
- Credit card numbers
- Financial account numbers
- Student education records (including schedules)
- Medical Records
- Passwords
Federal laws that require the confidentiality of information include:
Directory Information
Directory information refers to items of information contained in the educational record which may be released without the student's prior, written consent. Texas A&M University defines the following items as directory information:
- Name
- Universal Identification Number (UIN)
- Address (Local)
- Address (Permanent)
- Telephone number (Local)
- Telephone number (Permanent)
- Email address
- Program of study (college, major, campus)
- Dates of attendance
- Previous educational agencies/institutions attended
- Participation in officially recognized activities and sports
- Degrees, honors, and awards received
- Classification
However, students may place a directory hold on any or all of this information at https://howdy.tamu.edu. Once the student has placed a hold on his or her directory information, this information may not be released without the prior, written consent of the student.
What are the rules about storing and transferring confidential information?
Storing Confidential Information - University SAP 29.01.03.M1.16, Portable Devices requires encryption of Texas A&M related confidential information that resides on portable computing devices. It is recommended that all confidential data be encrypted even if it resides on stationary systems.
Transferring Confidential Information - University SAP 29.01.03.M1.31,Encryption of Confidential and Sensitive Data requires encryption of confidential information when it is transmitted through email or to an off-campus site or when it is accessed from a remote location.
Credit Cards - University SAP 21.01.02.M0.03 Credit Card Collections defines the very stringent requirements for accepting credit card payments. See Credit Card Procedures and Policies for details.
Quick Checklist for Protecting FERPA Data
- Post grades using Texas A&M approved Learning Management System. For help visit Support - Learning Management System.
- Encrypt all confidential information.
- Use UINs instead of Social Security numbers. Take the appropriate steps when Social Security Numbers are ABSOLUTELY necessary.
- DO NOT allow students to see other students grades, even by sorting through a stack of papers to pick up their graded work.
- DO NOT discuss the progress of any student with anyone other than the student (including parents/guardians) without the consent of the student.
- DO NOT provide anyone with lists of students enrolled in classes for any commercial purpose.
- DO NOT provide anyone with student schedules or assist anyone other than professional university employees in finding a student on campus.
How can I safely transfer confidential information?
Filex
Do NOT send confidential information through email. Use Filex instead.
Filex is an easy tool for transferring confidential information. Upload files to the Filex server and add email addresses for recipients. For files containing sensitive or confidential information, Filex includes an encryption option. Filex sends a link via email to download the file, which the recipients click to obtain the file directly from the Filex server. If you selected the encryption option, Filex provides a key for you to send to your recipients to unlock the encrypted file. For step-by-step instructions, see Using the Filex file distribution system.
Safe File Transfer Tools
If you need to transfer confidential information between two systems that you manage, use secure protocols like SCP or SFTP. WinSCP is an easy-to-use, Windows tool for SCP and SFTP.
How can I safely store confidential information?
Encrypt Files
By encrypting files, you ensure that unauthorized people can't view data even if they can physically access it. When you use encryption, it is important to have a recovery plan in case you forget your key.
For details, see SAP 29.01.03.M1.31.
For information on encrypting your entire disk, encrypting specific files, or transferring files securely, please visit our article on Encryption How-tos.
How can I safely post grades?
FERPA requires that student grades be accessible only to individual students and other authorized personnel. Posting grades in a secure course management system (such as Canvas) is the preferred method for distributing grades online at Texas A&M University. For help visit Support - Learning Management System.
If you do not use a Learning Management System, give students their grades individually.
What should I do if I know confidential information has been disclosed?
Report disclosures of confidential information as soon as you realize they have occurred by emailing itrm@tamu.edu. For additional details about reporting disclosure of sensitive personal information, see SAP 29.01.03.M1.24.
Additional Resources
Visit the following web sites for information on confidential information:
If you have any questions about FERPA, please contact the Office of the Registrar, Records Section at 979.845.1003 or records@tamu.edu.