Student Education Records

Definition: Records that contain information directly related to a student and that are maintained by the university or by a person acting for the university.

Governing Authority: The Family Educational Rights and Privacy Act (FERPA)

Responsible Operating Unit: Registrar's Office

Examples: Such data sets would include student transcripts and grades, degree information, class schedule, advising records, disciplinary records, athletics or department recruiting information, wire transfer information, financial aid, accounting, loan information, student tuition bills, advising records, and other non-directory information. For further information see the Registrar's FERPA website.

Special Considerations: Several years ago Ohio University used SSNs as identifiers, but has stopped using them. Instead, Ohio University uses a PID to identify individuals without needing to use a sensitive piece of information. The Information Security Office does not condone the storage of SSNs, and encourages departments to securely destroy such information according to their records retention schedules. 

List of IT Services & Tools

For the definition of terms related to the categories below, please reference the Glossary of Permission Levels.

Acceptable IT Services & Tools:

• Learning Managament Systems
  • Blackboard  be sure to review our Blackboard Help and Resources for more information.
  • Canvas be sure to review our Canvas Help and Resources for more information
• PeopleSoft
• OneDrive/O365 may not be used with sensitive university data, with the exception of Student Education Records (regulated by FERPA). Careful use of this data, in accordance with university policies and FERPA regulations, allows Microsoft Office 365 at OHIO to be used by the student in, and instructors for, a class.

Consultation Required:

• OnBase - With OIT consultation.
• NAS departmental shared storage (shared.ohio.edu) - With OIT consultation to ensure data is encrypted.
• NAS individual home storage (home.ohio.edu) - With OIT consultation to ensure data is encrypted.
• Qualtrics - With OIT consultation.

Not Permitted IT Services & Tools:

• OneDrive/O365 individual accounts.
• Personal cloud accounts.
• Personal/Non-University owned devices.

If you don't see the IT service or tool listed that you wish to use to store data classified as medium or high sensitivity, contact Information Security to determine if it's appropriate for your data type.