2022-2023 Administrative Policy Manual Published September 2, 2022 
    Jul 25, 2024  
2022-2023 Administrative Policy Manual Published September 2, 2022 [ARCHIVED COPY]

Student Education Records Management Policy

Policy Number: 10.9
Effective Date: February 20, 2023
Revision History: May 26, 2016
Policy Contact: Vice President for Enrollment Management and Institutional Research/Chief Enrollment Managment Officer

I. Purpose and Policy Statement

Georgia Gwinnett College (“GGC”) complies with the Family Educational Rights and Privacy Act of 1974 (“FERPA”), Health Insurance Portability and Accountability Act (“HIPAA”), Gramm-Leach-Bliley Act (“GLBA”) as well as other applicable privacy laws and policies. GGC limits access to student education records by applying the principle of least privilege to sensitive and restricted student education records. GGC protects the confidentiality, integrity, and availability of student education records by complying with requirements and recommendations documented in the University System of Georgia (“USG”) IT Handbook and Business Procedures Manual as well as other industry standards and best practices. GGC follows the University System of Georgia (“USG”) retention and disposition schedules for Student Records.

FERPA protects the privacy of student education records and gives eligible students the right to inspect and review their education records as well as the right to request correction of their records. FERPA applies to all schools that receive funds under an applicable program of the U.S. Department of Education. GGC publishes its annual FERPA notification on its website; this notification includes FERPA-related procedures for students.

In accordance with FERPA, the College permits disclosure without consent pursuant to the requirements of the law, including if the disclosure of information is to school officials with a legitimate educational interest, such as a person volunteering for or employed by the College in an administrative, supervisory, academic, research, or support staff position including law enforcement personnel; a person or company with whom the College has contracted such as an attorney, auditor, or collection agent; a person serving on the Board of Regents or GGC Foundation’s Board of Trustees; staff in the office of the Board of Regents or in the Office of the Georgia Attorney General; or a student serving on an official committee such as a disciplinary committee, or assisting another school official in performing his or her tasks. A school official has a legitimate educational interest if the official needs to review an educational record in order to fulfill his or her professional responsibility.

This policy will be reviewed annually.

II. Scope  

This policy applies to all Student Records as defined by USG and GGC.

III. Definitions

Directory Information: Georgia Gwinnett College (“GGC”) designates student’s name, major field of study, dates of attendance, and degrees conferred as directory information that may be disclosed without consent of the student. For GGC, this is the only information which could be considered “Directory Information” for FERPA or other purposes, including but not limited to external record requests.

Student Records: Include all documents in the Student Records series defined by the University System of Georgia (“USG”) in the USG records retention schedule. GGC reserves the right to designate additional records as student records based on business needs.

Eligible Student: When a student turns 18 years old, or enters a postsecondary institution at any age, the rights under FERPA transfer from the parents to the student.

IV. Roles and Responsibilities
  1. GGC Enrollment Management Services (“EMS”) oversees the management of student education records and related procedures. EMS reviews procedures on an annual basis. A breach of procedures will trigger notification of the Registrar and an immediate review of procedures.
  2. GGC Information Technology (“IT”) and EMS collaborate to comply with policy and employ industry standards and best practices to ensure the security of physical and digital student records that are classified as sensitive or restricted.
  3. All faculty and staff complete FERPA training annually; some employees receive additional role-based training.
  4. All community members are responsible for complying with policies, standards, and procedures.
V. Compliance

Individuals found to be in violation of this policy may be subject to disciplinary or legal action.

VI. Related Regulations, Statues, Policies, and Procedures

Family Educational Rights and Privacy Act of 1974 (FERPA)
GGC Privacy Notice
USG IT Handbook
USG Business Procedures Manual
Health Insurance Portability and Accountability Act
Gramm-Leach-Bliley Act
EU General Data Protection Regulation
APM 10.8 Data Management and Classification   
APM 11.1 Information Technology Compliance  
APM 11.50 Information Technology Institutional Policies and Standards  
APM 11.3 Information Security Policy  
APM Acceptable Use of Information Technology Resources Policy
Recording Class Sessions
Privacy Procedure for Online/Distance Education Students