Student Data Training and Certification
All new employees with access to student information in Banner INB, Banner SSB, Cognos, TouchNet and Xtender will be required to complete four certifications before being granted access to data. FERPA and GLBA will be the only certifications required annually, and Data Handling and Protecting SSNs will be a one-time-only certification.
FERPA requires faculty, staff and administrative officers to treat education records in a legally specific manner. It outlines procedures for providing access to student records and for maintaining the privacy of student records, as well as institutional penalties for violation of its stipulations.
You will receive and annual recertification notice for FERPA and GLBA, 30 days prior to expiration. Your notification will come from firstname.lastname@example.org. If you do not complete your certification at that time, you will receive a final notification 7 days prior to expiration. If you do not complete certification at that time, your access to student data will be locked until you do so.
GLBA is a comprehensive federal law affecting Purdue University. The law requires us to develop, implement and maintain administrative, technical, and physical safeguards to protect the security, integrity, and confidentiality of customer information. This act is enforced by the Federal Trade Commission and has strong violation penalties. The Federal Trade Commission has officially stated that any college or university that complies with the FERPA act is also a financial institution subject to the requirements of GLBA.
HIPAA rules create a framework to protect the privacy and security of patients' and health plan member's health information. Purdue supports the goals of HIPAA and documents its commitment to comply with these laws in its HIPAA Regulations policy.
- For more information on HIPAA, including training and certification, click here
Handling of information relates to when you view, update, or delete data. It also refers to when you transfer the data from one location to another.
The training information provided refers to the minimum requirements. Individual areas across campus may have put more rigid requirements in place. If you have questions, please contact the Data Steward. Specific information on the handling of Student Data can be found by clicking on the link under Student Data Handling in the menu below.
- For information on the minimum data handling requirements, click here.
- To complete the Data Handling training and certification, click here
Effective July 1, 2006, Indiana joined several other states that have enacted laws to evoke penalties where Social Security numbers have been improperly disclosed. When a disclosure is impermissibly made, these penalties may impact the employee making the disclosure.
The Indiana law (Release of SSN, Indiana Code 4-1-10) states that except where otherwise permitted, "a state agency may not disclose an individual's Social Security number." However, SSN can be used in the following circumstances:
- The individual gives consent
- Where required by federal or state law
- Where required by court order
- When administering health benefits plans
- Various other federal laws requiring the use of SSN (i.e., U.S. Patriot Act)
- When disclosing to state, local, or federal agency
In order to help you understand the issues associated with the protection of SSNs, a one-time certification is required for all users of Banner, Cognos, TouchNet and Xtender.
- To complete the Protecting SSN training and certification, click here.