C. Protection of Information

Objective: To assess the strength of policies and procedures in place within the unit to ensure that student information is appropriately safeguarded.

Criteria: Much of student academic data is covered by the Family Education Rights and Privacy Act of 1974 (FERPA), which protects student rights with regard to educational records maintained by the Institute. Students have a right of access to their educational records; they have a right to challenge inaccurate information or information that might violate privacy; and have a right to be notified of their privacy rights.

Only certain Institute employees may have access to personally identifiable student information without student consent. These employees sign a statement that all student data obtained through the Warehouse is to be considered "Confidential" and that no personally identifiable information should be released without the written consent of the individual student. Further, the statement warns that failure to comply with FERPA guidelines will result in the loss of access privileges to the employee and possible loss of Federal Funds to the Institute.

Risk: Given the stringent Federal regulations (e.g., FERPA) regarding the protection of student data, if this data were disseminated inappropriately, it could negatively impact the student and potentially subject the Institute to significant financial penalties, legal liability, and negative publicity.