5.7. Confidential Student Information
Student ID numbers, grades, etc. are confidential information. Disclosure of private information is an extremely serious matter so all TAs should be very careful that private information is not posted on web sites, left laying around where others can see it, etc. Here are some specific rules:
- All TAs should know what information is public and what is private. See the student records policy page and the FERPA page if you are unsure about this. Note that not only are items like grades, student ID numbers, etc. private, but so are items like class lists. If you have any questions about whether information is private or public, please ask Liz Freppert or the department graduate TA supervisor before making it public.
- The FERPA rules apply not only to people outside the University and department, but also inside. So, for example, not only is it a FERPA violation to make class grades publically readable, or send them to someone outside the University; but it is also a FERPA violation to let CS&E office staff, system staff, TAs working on other classes, faculty other than the one you are TAing for, etc. view confidential files for the class you are TAing. Once again, if you have any questions on this please ask Liz Freppert or the department graduate TA supervisor. (Please note: Due to the insecurity of email, TAs should avoid using email to communicate FERPA protected information. For example, if different members of a course staff need to work with a grade file, they should set up the grade file in Google Drive and access it there directly rather than emailing the grade file to one another.
- If you use Google Drive to store confidential information: (i) make sure you use your U or M account (the account associated with your University user ID, not a personal account); (ii) be careful when sharing that information to ensure that you share it only with other course staff who need to access it, and not with anyone else.
- Note grade files and other similar files must *not* be stored on laptops, local machines, home computers, or in your home directory or /.www, /web, /project directories. Note this includes the class web directory (including having a .grades subdirectory in that directory).
- Also be careful with any hardcopies of private information. Please store such copies in a secure location, and shred them when you are done with them. You can give old hardcopies of grade files, etc. to the receptionist in the CS main office to be shredded.
- In general be very careful not to store confidential information --- whether student information or course information --- on a laptop, in the course web directory, or in your personal directory. This is not a spurious warning: the department has had more than one incident in the past where laptops have been stolen, or where information in a web directory was inadvertently made world-readable.