• Preamble
  • Guidelines


    The 1974 Family Educational Rights and Privacy Act (FERPA) protects the privacy of student records and regulates the conditions under which institutions may release student educational records.  Following passage of this legislation, Penn State implemented policy AD11 on Confidentiality of Student Records.  According to this policy, nothing other than the items defined as “directory information” can be shared without the student's consent.  Penn State may grant access to non-directory information to “university officials” for purposes of “legitimate educational interests,” both of which are defined in AD11

    In today's environment, with widespread decentralized access to institutional data through tools such as the data warehouse, it's imperative that we have clear guidelines on appropriate use of data. Marketing interests and private partnerships that engage Penn State in relationships with those who need specialized data are an ongoing challenge for those charged with the responsibility of safeguarding the privacy of students, employees, and others.  Employees need guidance and supervision in order to appropriately address the use of data to which the individual employee may have an otherwise legitimate use but is faced with a new request for the use of those data.


    Guidelines concerning appropriate use of University student data:

    If there are cases where having Penn State handle the mailing isn’t possible and it is deemed that the entity has important information for students, and if the release of the mailing list will not constitute an implicit disclosure of confidential information (e.g. all students with certain cum GPAs, all students who received a particular grade in a course, etc), then permission to share the mailing list must be granted by the Vice President and Dean for Undergraduate Education or the Dean of the Graduate School, as appropriate.  If the mailing list is shared with the entity, it must be made clear through a cover memo that the list may be used only to fulfill the purpose for which it was originally requested and must not be shared outside the entity.

    All research utilizing identifiable student data obtained from the University must be reviewed by a University Institutional Review Board prior to beginning the research. 

    Effective Date: November 4, 2009
    Date Approved: October 12, 2009
    Date Published: November 3, 2009

    Revision History (and effective dates):

    | top of this policy | GURU policy menu | GURU policy search | GURU home | GURU Tech Support | Accessibility Statement | Penn State website |