Handling Prohibited and Restricted Data Frequently Asked Questions
The following FAQ expands on the Data Classification Guidelines found at: dataclass.stanford.edu
Handling Prohibited and Restricted Data FAQ
Storing Student Information and Records
- May I retain any records related to students on my computer?
- May I store grades and notes about student performance on my computer?
- May I keep coursework submitted electronically by a student on my computer so I can comment on it, grade it, consider the work when it is time to review student performance for final grades and have records available in case a grade is challenged?
- May I store FERPA-protected educational records on an outboard hard disk or a portable device such as my phone or a USB flash drive?
- What information may I keep on my computer when I am reviewing student applications for graduate school and fellowships?
- How do I treat recommendations I write for my students?
- Can we require that students use blogs, wikis and social networking sites as part of Stanford courses?
- What if the functionality I need for my course isn’t possible on a Stanford-hosted blog, wiki or social networking site?
- What should I do if I need to send student information through email – either in the message or as an attachment?
- Are Postdoctoral scholars considered to be “students” for the purposes of FERPA?
Prohibited Information -- General
- May I store social security numbers, credit card numbers and other Prohibited Information on my computer?
- Are Stanford purchasing cards (PCard) and travel card (TCard) numbers considered to be Prohibited information?
- What happens if I inadvertently store Prohibited or Restricted Information on my computer?
- How should I securely store information?
- How do I access information securely from offsite?
- How should I backup information securely?
Prohibited and Restricted Data Handling Answers
The purpose of this FAQ is to answer commonly asked questions about the best practices for handling Prohibited and Restricted data .
Storing Student Information and Records
May I retain any records related to students on my computer?
In most cases information about a student is part of their educational record, protected by FERPA, and considered by Stanford to be Confidential Information during the academic year in which it is collected, and Restricted Information thereafter. In these cases, while not required, if you store the information on your computer we recommend that you encrypt the information using the Stanford Whole Disk Encryption Service and delete the protected information as soon as you no longer need it. It is permissible, however, to store the information unencrypted on your computer through the close of the academic year in which it was collected, at which point it must either be deleted or encrypted. Whole disk encryption is a relatively simple process to install and has virtually no impact on computer performance. Please see https://itservices.stanford.edu/service/encryption/wholedisk for more information.
Under very limited and specific circumstances, certain information is not considered to be part of the educational record and therefore not protected by FERPA. If the information is not part of the FERPA-protected educational record, then it may remain on your computer unencrypted indefinitely unless it contains other information that requires special handling, such as social security numbers, grades, etc.
Some of these circumstances are described in the questions below. If you have any questions about whether a particular piece of information is protected by FERPA or how best to handle it, please contact either Lauren Schoenthaler in the Office of the General Counsel at email@example.com or the University Privacy Officer at firstname.lastname@example.org.
May I store grades and notes about student performance on my computer?
There are different rules that apply to storage of a student’s grades and a professor’s notes about student performance.
If you are a faculty member or other instructor, sometimes your personal notes about student performance are not part of the FERPA-protected educational record and may be retained on your computer indefinitely. Under other circumstances, they are protected by FERPA and may be retained unencrypted on your computer only through the end of the current academic year.
Personal notes which provide you with the basis for your grading decisions are not protected by FERPA if (i) the notes are not shared with anyone else and (ii) you are the only one who has access to these files on your computer. While we would recommend that these notes be stored on a computer which has whole disk encryption, it is not required by our policy. However, if you share a computer and the files are not password protected, they may not be kept on your shared computer after the close of the current academic year unless encrypted.
If you share your notes with someone else (even your teaching assistant) or if a faculty member shares notes on student performance with you (even if you are also a faculty member), these notes are always part of the student’s educational record and may never be kept on your computer beyond the close of the current academic year unless encrypted.
If your personal notes include a course grade, the grade becomes part of the FERPA-protected educational record at the point it is shared with the Registrar's Office for posting in the students records. If you retain the grade in your notes after that point, the grade should either be encrypted or deleted prior to the close of the academic year.
May I keep coursework submitted electronically by a student on my computer so I can comment on it, grade it, consider the work when it is time to review student performance for final grades and have records available in case a grade is challenged?
Student’s papers and other coursework are part of the educational record and protected by FERPA. They may remain on your computer through the close of the academic year in which they were submitted, at which point they will need to be either deleted or encrypted. Please see question #1, above, for more information. Students have only 30 days in which to file an appeal related to a grade. After that point, if an appeal has not been filed, you may safely delete the work from your computer.
May I store FERPA-protected educational records on an outboard hard disk or a portable device such as my phone or a USB flash drive?
Yes – but the same rules apply. We suggest that the information be encrypted while stored and deleted as soon as it is no longer needed. If you store the information unencrypted, it must be deleted before the end of the academic year.
What information may I keep on my computer when I am reviewing student applications for graduate school and fellowships?
Before the student registers or enrolls at Stanford, their applications are not FERPA-protected. However, at the point they do enroll, this information becomes an educational record subject to FERPA protection and should either be deleted from your computer or encrypted before the close of the academic year in which the student registers.
Personal notes taken in connection with your review of graduate school and fellowship applications are not part of the student’s FERPA-protected educational record so long as the notes are for personal use only, do not contain information that is otherwise protected by FERPA, such as grades, or any Prohibited Information
How do I treat recommendations I write for my students?
The personal notes used to write graduate application and other recommendations are not FERPA-protected so long as the notes are for personal use only, do not contain information that is otherwise protected by FERPA, do not contain any Prohibited Information, and are not shared with others or stored on a shared computer. However, the actual recommendation may be protected by FERPA if it contains grades, GPA, etc. If the letter contains more than personal observations, it is considered to be part of the educational record and should be encrypted if retained on your computer.
Can we require that students use blogs, wikis and social networking sites as part of Stanford courses?
Blogs, wikis and social networking sites may be used in connection with Stanford courses provided: (i) the student is given notice that there will be a requirement to use a blog, wiki or social networking site in the description of the course contained in the Stanford Bulletin, and (ii) the course is not a required course to graduate in any major.
Whenever possible, the blog, wiki or social network site used should be one hosted by Stanford. Few third party sites are secure, and most do not have terms and conditions that require a level of confidentiality and privacy we believe is appropriate for either student or university confidential and restricted information.
What if the functionality I need for my course isn’t possible on a Stanford-hosted blog, wiki or social networking site?
What should I do if I need to send student information through email – either in the message or as an attachment?
Though not required, we encourage you to use secure email if you are sending FERPA-protected educational records. You can find more information about Stanford's secure email service at http://itservices.stanford.edu/service/secureemail/.
Be sure to encrypt any email and email attachments containing FERPA-protected educational records if you retain them beyond the close of the current academic year.
Are Postdoctoral scholars considered to be “students” for the purposes of FERPA?
Postdoctoral scholar records are not protected by FERPA and are considered to be Confidential Information under Stanford's information classification guidelines. Policies regarding handling of Confidential Information can be found at http://dataclass.stanford.edu.
Prohibited Information -- General
May I store social security numbers, credit card numbers and other Prohibited Information on my computer?
In general, the answer is no. You should store no Prohibited Information on your computer. Prohibited Information includes Social Security numbers, credit card numbers, bank and other financial account numbers, health insurance account numbers, and driver’s license numbers. While we do not recommend storing any of this highly sensitive information unencrypted on your computer, if you wish, you may store your own personal Prohibited Information, and that of your family members, with the understanding that this information is not secure and you will be deemed to have accepted all risk of loss and damage if this information is inappropriately accessed.
Are Stanford purchasing cards (PCard) and travel card (TCard) numbers considered to be Prohibited information?
No. PCard and TCard numbers are not Prohibited Information because these cards are not held by an individual, but rather are held in Stanford University’s name. However, because they are credit cards, they should still be handled with care. Information regarding PCard use can be found at http://fingate.stanford.edu/staff/buypaying/about_PCard.html. Information regarding TCard use can be found at http://fingate.stanford.edu/staff/travel/travel_card_stanford.html.
What happens if I inadvertently store Prohibited or Restricted Information on my computer?
The short answer is “Don’t”.
The impact to the University and the compromised individual is significant if Prohibited or Restricted Information on your computer is inappropriately accessed. The University provides you with the technical tools you need to protect our valuable information assets. We rely on you to be responsible for the information under your control. Please carefully review the files stored on your computer to ensure that there is no Prohibited Information and take care not to store it in the future. If you have any concerns that you may have Prohibited Information on your computer, the Information Security Office can help you scan your machine. Please contact the Information Security Office via HelpSU.
How should I securely store information?
Information stored on local personal computing equipment may be protected using the Stanford Whole Disk Encryption (SWDE) Service. For more information, please go to https://itservices.stanford.edu/service/encryption/wholedisk.
How do I access information securely from offsite?
Information can be accessed securely when you are located anywhere in the world if you use Stanford University Network Access Control (SUNAC). For more information, please go to https://itservices.stanford.edu/service/sunac.
How should I backup information securely?
IT Services offers several vendors for desktop backup and recovery services: Iron Mountain Connected, MozyPro and CrashPlan Pro. All are suitable for backup of non-public information. You will want to be sure that sensitive information is encrypted when it is transmitted to be backed up.
Here are instructions for choosing encryption methodologies for Mozy. Iron Mountain Connected encrypts the data before sending it by default.
Crashplan encrypts everything by default but you have 3 options:
- Secure Encryption Key with account password
- Secure Encryption Key with a private password
- Replace the default Encryption Key with own, custom key
Securing the encryption (private) key with your account password is not acceptable because is stores a copy of the encryption (private) key on the server. Using either of the other choices the encryption key is only stored locally.
Some systems may be using Tivoli Storage Manager (TSM) for backup. Although TSM is no longer supported by ITS, non-public information backed up using TSM should be encrypted. Instructions may be found at http://securecomputing.stanford.edu/tsm-client-encryption.html.