Southern Methodist University is committed to the privacy and security of its students' education records information.
It is the policy of the University to manage and protect the privacy and Personally Identifiable Information of all students, consistent with federal and state privacy laws. Personally Identifiable Information is protected by federal laws including but not limited to the Gramm-Leach-Bliley Act (“GLBA”) for the safeguarding of non-public information, the Family Educational Rights and Privacy Act (“FERPA”) for the protection of information contained in student records, and, to the extent applicable, the Health Insurance Portability and Accountability Act (“HIPAA”) for the management of protected health information.
Each SMU faculty and staff member with access to student records is expected to handle student records in a secure and confidential manner and in accordance with these laws and university policy.
Please refer to the OIT Policies and Legislation website found at https://www.smu.edu/OIT/Infosec/Policy for information about GLBA, HIPAA, and SMU’s Information Security Policy (12.5)
Family Educational Rights and Privacy Act (FERPA)
Our Records Policy complies with the Family Educational Rights and Privacy Act of 1974 (FERPA) that governs the access and release of information from a student's education records. The intent of the FERPA legislation is to protect the rights of students and to ensure the privacy and accuracy of education records. No student record information is released to a third-party (including parents) without the student's prior consent; however there are a few exceptions.
SMU stays informed of appropriate state and federal legal requirements, professional and ethical standards and policies at peer institutions as well as assists academic units in ensuring compliance to policies and procedures. University policies regarding FERPA are the responsibility of the University Registrar. Both the SMU Records Policy and the University Registrar FERPA website contain information on guarding the privacy and confidentiality of students' education records.
Please refer to the FERPA website.
On this site, of particular interest is the FERPA Essentials for Staff, and FERPA Essentials for Faculty.
Storage of student recordsPersonally identifiable student records most be stored in a secure manner that assures protection from non-authorized access. This typically means that records should be stored in storage cabinets or offices that can be locked and on devices that are encrypted and password protected. Records should not be stored in areas with open access. No paper records or files containing Personally Identifiable Information may be stored outside of the University premises without approval per Information Security Policy. No Personally Identifiable Information about a student may be stored on a non-University-owned Resource without approval per Information Security Policy.
Disposal of student recordsPhysical records and devices with personally identifiable student information (paper, disks, flash drives, etc.) should never be disposed of in the trash or in a non-secure manner. These records and devices should be shredded or disposed through a reputable commercial records disposal company such as Sierra Shed. If you need assistance in the disposal of records or devices, please contact Joe Papari, firstname.lastname@example.org.
Sell or bartering of personally identifiable studentSMU does not sell or barter personally identifiable student data unless there is a formal MOU in place that has been vetted and approved by the appropriate executive officer of the university.
Use of the SSNEffort should be made to not ask for or store a student’s social security number except where it is absolutely required, typically in Financial Aid, Employment and Payroll.
Permanent RecordsRecords that should be kept permanently should be captured and imaged in SMU AdminImages.SMU system. Contact Joe Papari for more information.
ContactJoe Papari Director of Enrollment Services for Student Systems and Technology