The institution
protects the security, confidentiality, and integrity of its student records
and maintains security measures to protect and back up data.
x Compliance o Non-Compliance o Partial Compliance
UL Lafayette
protects the security, confidentiality, and integrity of its student records,
and maintains security measures to protect and back up this data.
The University
considers education records to be those records that contain information
directly related to a student, and which are maintained by UL Lafayette or by a
party acting on behalf of UL Lafayette. Education records may exist in the form
of records, files, documents, or other media/materials.
The student
educational record contains directory and non-directory information. Directory
information is defined as information contained in the education records of a
student that would not generally be considered harmful or an invasion of
privacy if disclosed. As such, directory information may be disclosed without
prior consent of the student. Directory information at UL Lafayette includes:
student name, address(es), telephone number(s), classification, email address,
photograph, place and date of birth, major field of study, dates of attendance,
degree and date received, academic awards and honors, the most recent previous
education agency or institution attended by the student, participation in
officially recognized activities and sports, and weight and height of members
of athletic teams.
Non-directory
information is any educational record not classified as directory information.
This private information is not released to anyone, including parents of the
student, without written consent from the student, or under the strict
exceptions as defined under the FERPA law.
The University
maintains policies that ensure compliance with
FERPA. Employees of UL
Lafayette may need access to student records to perform their job duties.
Examples include employees in the academic colleges, academic departments, and
academic/student support areas. Employees are responsible for protecting the
confidentiality, integrity, and security of records that they access.
Prior to
receiving access to student information via Banner, employees must submit an
official security request through the Help Desk. The request
requires the employee to specify the type of student information they are
requesting, and to provide a justification describing the job duties that
require the access. The security request must then be approved by the
employee’s supervisor before it will proceed. Once the supervisor approves, the
request is then submitted to the Registrar’s
Office for review and action, if warranted. If it is determined that the
employee legitimately requires access to the requested student information in
order to perform official duties, the Registrar’s Office will conduct
appropriate training with the employee on the proper use
of the Banner screens and FERPA. Once training is completed, access is granted to
the employee.
Accuracy and
integrity of student records is accomplished via a number of processes,
procedures, and internal controls.
Final grades are
reported by instructors of record at the conclusion of a semester/term during
the assigned grading period. The Registrar’s Office opens grading on Banner and
communicates instructions to instructors of record. Instructors enter final
grades via their secure Banner login. At the conclusion of the grade reporting
period, the Registrar’s Office closes grading access on Banner and posts grades to student records.
Changes to
student records are handled via established business processes and procedures.
Students may initiate a change of address, change of name, change of social
security number, etc., by contacting the Registrar’s Office. The student must
complete the appropriate change request form and provide all appropriate
documentation (such as a marriage certificate or court order for a name
change). The Registrar’s Office processes all appropriate records changes and
maintains appropriate documentation on file. Grade changes are
initiated by faculty and must be signed by the Department Head and
Dean before being hand-delivered to the Registrar’s Office.
The Office of Enterprise Application Services
(EAS) has established policies and procedures to protect the security of
student records. Individuals requiring access to information must log in using
their unique University Login Identification (ULID) through a single secure
login process. The user is authenticated and then granted access to the data
using Louisiana state security protocols (unique identifiers and passwords).
Access by students to these services is controlled via the secure login profile
established by each eligible user. The profiles and unique identifiers are
maintained in a secured database or server that follows the Louisiana state
security standard with regard to the creation of a username and password as per
the State of Louisiana Office of Technology Services’ Information Security Policy. The password must conform to the state security and University
standards established with respect to length, type, and number of symbols and
characters. When appropriate or necessary, data passed over the Internet
through the web applications for faculty, staff, or students are encrypted.
Student academic records are maintained in the
University’s computer-based Integrated Student Information System (Banner),
which is provided and maintained by the University Office of Enterprise
Application Services. The student system as installed in the UL Lafayette
computing platform includes integrated modules for student admissions, student
records, registration, financial aid, student billing, accounts receivable, and
degree audit.
Student system access for administrative users
is granted based on a formal approval from the University administration and
based on the user’s position responsibilities. Banner user access is controlled
by standard system access profiles prescribed by administrative personnel for
various user categories. The University Registrar is the designated data
steward for student records and Banner subsystems that include business processes
associated with registration, course catalog and scheduling, advising, grade
management, degree audit, academic curriculum, and student data. Access to
sensitive system functions and capabilities is restricted to the smallest
practical number of administrative users. The Office of the Provost must
approve all external requests for student data. Access to Banner is deleted
upon student and staff exit from employment or any change of University status.
The Human Resources department initiates this process when an employee
separates from the University; the Information Technology department then
communicates with various campus areas to ensure that the employee’s access is
deactivated. This entire process takes place in and is documented on the Cherwell system.
Web-based student access to personal records
requires a secured socket layer connection across the Internet (256-bit
encryption). Such access requires authentication using a password selected by
the student. Students can also request that certain information be repressed.
EAS has established an inventory of all
devices that contain personal data in accordance with the Database Security Breach Notification
Law, SB205 Act 499, of the State of Louisiana.
The Database Security Breach Notification Law requires notification to any
Louisiana resident whose unencrypted personal information was, or is reasonably
believed to have been, acquired by an unauthorized person as a result of a
security breach.
Educational
records are maintained both centrally and within organizational units across
campus. Records are housed electronically in Banner, Banner Document Management
(BDM), and on shared drives on the University network.
Education records maintained in the academic colleges for their students may include data related to admissions, transfer credits, academic progress, graduation eligibility, faculty data, advising, change of academic program, petitions, appeals, transcript data, and internal academic data. Table 12.5 – 1 lists the locations of the academic colleges and schools that house student records.
Table 12.5 – 1: Academic Colleges and Schools that house student
records
|
College/School |
College Office and Records Location |
|
College of the Arts |
Fletcher Hall, Room 205 |
|
College of Business |
Moody Hall, Room 236 |
|
College of Education |
Maxim Doucet Hall, Room 105 |
|
College of Engineering |
Madison Hall, Room 106 |
|
College of Liberal Arts |
H.L. Griffin Hall, Room 101 |
|
College of Nursing and Allied Health Professions |
V.L. Wharton Hall, Room 254 |
|
College of Sciences |
Oliver Hall, Room 201 |
|
Graduate School |
Martin Hall, Rooms 217 and 332 |
|
University College |
DeClouet Hall, Room 104 |
Departmental
offices maintain education records that may include limited admissions and
transfer credentials, data on academic progress, faculty recommendations,
advisors’ comments relating to registration and changes of program, limited
placement data, departmental exam results, and foreign language proficiency
information.
Various University
support offices house student records, including the Registrar’s Office,
Academic Success Center, Academic Affairs – Academic Programs, Undergraduate
Admissions, and Financial Aid. Offices ensure the integrity of the data they
maintain via a combination of procedures manuals, employee training, and internal control methods.
Banner Security Request for access
form
Banner Security Request form on Help
Desk
Banner Security Request to remove
access form
Example FERPA material Covered During
Training
Faculty Grade Entry Training Guide
FERPA Policy University Catalog