Data Collection
Data Collection
Data Collection
Sensitive Personal Data
What is sensitive data and how is it protected by law?
In the process of normal day-to-day university activities, University of Guam collects large amounts of personal data on its students, faculty, and staff.
Much of this data is not sensitive, and is in fact publicly available. However, some of it is sensitive, including personal, financial, and legal information. Sensitive data include information protected by federal law as well as that protected by university policy.
Examples of Protected Data
The following are some prominent examples of data protected by state and federal law and university policy. Often, context plays a role in data sensitivity; thus, this list is not exhaustive:
- Personal and financial data, including:
- Social Security number
- Credit card number or banking information
- Passport number
- Foreign visa number
- Tax information
- Credit reports
- Any information that can be used to facilitate identity theft (such as mother's maiden name)
- Federally protected data, including:
- FERPA-protected information (e.g., student information and grades)
- HIPAA-protected information (e.g., health, medical, or psychological information)
Family Education Rights and Privacy Act (FERPA)
The Family Education Rights and Privacy Act was enacted in 1974. FERPA protects the privacy of student education records. All educational institutions that receive federal funding, including University of Guam, must comply with FERPA.
HOW DOES FERPA APPLY TO COLLECTING/STORING STUDENT DATA?
Generally, a student's records cannot be shared without specific written consent by the student. These records include grades, class lists, course schedules, disciplinary records, and financial records.
A 2008 update to FERPA clarified that schools use "reasonable methods" to ensure school officials have access to only those records they need.
FERPA does allow "directory information" to be collected and contained because it's not generally considered harmful or an invasion of privacy if disclosed. Examples of directory information include:
- Student's name
- Phone number(s)
- Address(es)
- Email address(es)
- Degrees and awards received
- Most recent educational institution attended
- Augusta University photograph
- Major fields of study
- Participation in organized sports/activities
- Dates of Augusta University attendance
- Height/weight of athletic team members
- Thesis/Dissertation title and faculty mentor
- Employment title and contact information
Re-evaluate your form
STOP AND THINK
If you are handling or collecting critical information, such as Social Security numbers, financial information, driver's license numbers, or other sensitive personal data, determine if this information is really necessary.
- If you do not absolutely need the information to transact business, get rid of it! If you received that data from another source, tell them not to provide it to you anymore.
- If you do absolutely need it for the transaction, ensure you are handling it securely.
- Double check email addresses, fax numbers, telephone numbers before transmitting the data.