Policy Number: 10.9
Effective Date: January 17, 2025; December 18, 2024 (Interim Policy Effective Date)
Revision History: February 20, 2023; May 26, 2016
Policy Contact: Vice President for Enrollment Management and Institutional Research/Chief Enrollment Management Officer
I. Purpose and Policy Statement
Georgia Gwinnett College (“GGC”) complies with the Family Educational Rights and Privacy Act of 1974 (“FERPA”), Health Insurance Portability and Accountability Act (“HIPAA”), Gramm-Leach-Bliley Act (“GLBA”) as well as other applicable privacy laws and policies. GGC limits access to student education records by applying the principle of least privilege to sensitive and restricted student education records. GGC protects the confidentiality, integrity, and availability of student education records by complying with requirements and recommendations documented in the University System of Georgia (“USG”) IT Handbook and Business Procedures Manual as well as other industry standards and best practices. GGC follows the University System of Georgia (“USG”) retention and disposition schedules for Student Records.
GGC publishes its annual FERPA notification on its website; this notification includes FERPA-related procedures for students.This policy will be reviewed annually.
In accordance with FERPA, the College permits disclosure without consent pursuant to the requirements of the law, as set forth in paragraph VI below, including if the disclosure of information is to school officials with a legitimate educational interest, such as a person volunteering for or employed by the College in an administrative, supervisory, academic, research, or support staff position including law enforcement personnel; a person or company with whom the College has contracted such as an attorney, auditor, or collection agent; a person serving on the Board of Regents or GGC Foundation’s Board of Trustees; staff in the office of the Board of Regents or in the Office of the Georgia Attorney General; or a student serving on an official committee such as a disciplinary committee, or assisting another school official in performing their tasks. A school official has a legitimate educational interest if the official needs to review an educational record in order to fulfill their professional responsibility.
II. Scope
This policy applies to all Student Records as defined by USG and GGC.
III. Definitions
Directory Information: Under FERPA, “Directory Information” refers to student information that is not generally considered harmful or an invasion of privacy if disclosed. Georgia Gwinnett College (“GGC”) designates the following categories of information as Directory Information:
- Student’s name
- Hometown
- Institution-assigned email address. Under this category, an institution-assigned email address may be disclosed without consent only to other, current students. In addition, students may not request email listings of the entire student body or segments thereof, except for academic purposes.
- Major field of study
- Enrollment status (e.g., full-time, part-time)
- Participation in officially recognized activities and sports
- Dates of attendance
- Degrees, honors, and awards received
- Thesis/Dissertation title
- The most recent educational institution attended
- Height and weight of athletes
- Class level
Directory Information may be disclosed without the student’s prior written consent, unless the student has opted out of such disclosure (see Student Rights below). For GGC, this is the only information which could be considered “Directory Information” for FERPA or other purposes, including but not limited to external record requests.
Student Records: Include all documents in the Student Records series defined by the University System of Georgia (“USG”) in the USG records retention schedule. GGC reserves the right to designate additional records as student records based on business needs.
Eligible Student: When a student turns 18 years old, or enters a postsecondary institution at any age, the rights under FERPA transfer from the parents to the student.
IV. Roles and Responsibilities
- GGC Enrollment Management Services (“EMS”) oversees the management of student education records and related procedures. EMS reviews procedures on an annual basis. A breach of procedures will trigger notification of the Registrar and an immediate review of procedures.
- GGC Information Technology (“IT”) and EMS collaborate to comply with policy and employ industry standards and best practices to ensure the security of physical and digital student records that are classified as sensitive or restricted.
- All faculty and staff complete FERPA training annually; some employees receive additional role-based training.
- All community members are responsible for complying with policies, standards, and procedures.
V. Student Rights Under FERPA
- Right to Inspect and Review Education Records: Students have the right to inspect and review their education records within 45 days of submitting a written request to the Office of the Registrar. GGC will arrange access and notify the student of the time and place where the records may be inspected.
- Right to Request Amendment of Records: If a student believes their education records contain inaccurate or misleading information, they have the right to request an amendment. The request must be submitted in writing, clearly identifying the part of the record to be amended and explaining why it is inaccurate or misleading.
- Right to Provide Written Consent Before Disclosure: Students have the right to provide written consent before the institution discloses any personally identifiable information from their education records, except as authorized under FERPA. Directory Information, as defined above, may be disclosed without prior consent unless the student has opted out.
- Right to Opt-Out of Directory Information Disclosure: Students may choose to opt out of the disclosure of Directory Information by submitting a written request to the Office of the Registrar. Once the request is submitted, the institution will withhold Directory Information from public disclosure. Important: Opting out does not prevent the institution from disclosing Directory Information to school officials with legitimate educational interests, including certain institution administrators, faculty, and contracted service providers.
- Right to File a Complaint with the U.S. Department of Education: Students who believe the institution has failed to comply with FERPA may file a complaint with the U.S. Department of Education at the following address:
Family Policy Compliance Office
U.S. Department of Education
400 Maryland Avenue, SW
Washington, DC 20202-8520
VI. Disclosure Without Consent
- GGC may disclose education records without a student’s prior written consent to certain parties under certain conditions, as allowed by FERPA, including:
- School officials with legitimate educational interests.
- Other schools to which a student is transferring.
- Specified officials for audit or evaluation purposes.
- Appropriate parties in connection with financial aid.
- Organizations conducting certain types of studies for or on behalf of the school.
- Accrediting organizations.
- Compliance with a judicial order or lawfully issued subpoena.
- Appropriate officials in cases of health and safety emergencies.
VII. Compliance
Individuals found to be in violation of this policy may be subject to disciplinary or legal action.
VIII. Related Regulations, Statues, Policies, and Procedures
Family Educational Rights and Privacy Act of 1974 (FERPA)
GGC FERPA Web Page
GGC Privacy Notice
USG IT Handbook
USG Business Procedures Manual
Health Insurance Portability and Accountability Act
Gramm-Leach-Bliley Act
EU General Data Protection Regulation
APM 10.8 Data Management and Classification
APM 11.1 Information Technology Compliance
APM 11.50 Information Technology Institutional Policies and Standards
APM 11.3 Information Security Policy
APM 11.50.1.1 Acceptable Use of Information Technology Resources Policy
Recording Class Sessions
Privacy Procedure for Online/Distance Education Students
|