Data Privacy and Data Practice
Federal and State compliance
Protecting Protection of Personal and Educational Information
St. Cloud State University must comply with two statutes regarding data privacy:
- State Statute: Minnesota Statutes, Chapter 13 – the Minnesota Government Data Practices Act (MGDPA)
- Federal Statute: Family Educational Rights and Privacy Act of 1974 (FERPA)
MGDPA Information
The Minnesota Government Data Practices Act is a state law that establishes a presumption that government data is public unless a federal law, a state statute, or classification of data provides that the specific data is not public. The Minnesota Government Data Practices Act regulates all aspects of data, including the collection, creation, storage, maintenance, dissemination, and access to government data in government entities.
Data Request Forms and Information
For information about data classifications, data subject rights, member of the public rights, how to make a data request, costs associated with data requests, and how St. Cloud State University will respond to data requests, refer to the Data Practices policy and procedure.
Data Release Consent Form (pdf)
Data Practices Contact Information
Data Practices Compliance Official:
Judith Siminoe, Special Advisor to the President
AS 200 | 308-2122
jpsiminoe@stcloudstate.edu
Responsible Authority:
Larry Dietz, Interim President
AS 200, 308-2122
Data Access and Breach
In compliance with Minnesota Statute section 13.05, subd. 5, the St. Cloud State policy and procedure, Ensuring Safety of Non-Public Data, was established to provide safeguards including that "not public data" are only accessible to persons whose work assignment reasonably requires access. Additionally, St. Cloud State provides data privacy training, data security resources, and follows Minnesota State Board Policy 5.23. Non-public data may be exposed to, or accessed by, non-authorized individuals in rare instances, such as when a work laptop is stolen or a USB Flash drive is lost. Any potential data breach should be immediately reported to the Data Practices Compliance Official (see Data Practices Contact Information section).
FERPA Information
FERPA is a federal law designed to protect the privacy of education records. FERPA applies to all educational agencies and institutions that receive funding under any program administered by the U.S. Department of Education and to private entities who perform services on behalf of those educational agencies and institutions.
Student Rights Under FERPA
This information is also sent in an annual notice to all enrolled students, as required by FERPA.
- The right to inspect and review the student's education record within 45 days of the day the University receives a written request for access.
- The right to request the amendment of the student's education records that the student believes is inaccurate, misleading or otherwise in violation of the student’s privacy rights under FERPA.
Request to Amend or Remove (PDF)
Request for a Formal Hearing (PDF)
- The right to provide written consent before the University discloses personally identifiable information (PII) from the student’s education records, except to the extent that FERPA authorizes disclosure without consent.
- The right to file a complaint with the U.S. Department of Education concerning alleged failures by the University to comply with the requirements of FERPA. The name and address of the Office that administers FERPA is:
Family Policy Compliance Office
U.S. Department of Education
400 Maryland Avenue, SW
Washington, DC 20202-4605
FERPA Website
FERPA Authorization of Disclosure without Consent
Generally, a student must provide written consent using the Data Release Consent Form before the University will release personally identifiable information (PII) from a student record. FERPA has made exceptions to this ruling that allows schools to disclose PII without consent in the following circumstances and/or to the following parties:
- School officials (University employees or others performing services for the University) who have a legitimate educational interest in the records in order to perform their duties
- Another school in which the student seeks or intends to enroll
- Accrediting organizations
- To determine the eligibility, amount, and/or conditions of financial aid, and to determine and enforce the terms and conditions of the aid
- Parents of dependent students if either parent has claimed the student as a dependent on their most recent year's income tax statement
- Parents or other appropriate parties in connection with a health or safety emergency
- Parents of a student under the age of 21 if that student violates any Federal, State, or local law, or any rule or policy of the school governing the use or possession of controlled substances or alcohol
- Certain government officials involved in audit or evaluation of Federal or State supported programs, or for the enforcement of or compliance with the legal requirements of those programs
- Organizations conducting studies on behalf of the school for the purposes of improving instruction or administering predictive tests or student aid programs
- To comply with a judicial order or lawfully issued subpoena
- To provide an alleged victim of a crime of violence or non-forcible sexual offense with the final results of a disciplinary proceeding with respect to the alleged crime
- To any third party the final results (which can only include the alleged perpetrator’s name, the violation committed, and any sanctions imposed) of a disciplinary proceeding related to a crime of violence or non-forcible sexual offense if the student who is the alleged perpetrator is found to have violated the school’s rules or policies
- Anyone requesting Directory Information unless the student has opted to restrict this information. (SEE Directory and Limited Directory Section)
Definitions:
Dependent Student: A student who qualifies as a dependent under 26 U.S. Code § 152 of the Internal Revenue Code, either as a qualifying child or relative.
Directory Information: Information contained in a student's education records that would not generally be considered harmful or an invasion of privacy if disclosed. (See St. Cloud State University's approved Directory Information List.)
Education Records: Records that are directly related to a student and maintained by an educational agency or institution, or by a party acting on its behalf. (The term "student" excludes individuals who have not attended the agency or institution.)
Financial Aid: Payment of funds to an individual (or in-kind payment of tangible or intangible property) that is conditioned on the individual's attendance at a school.
Legitimate Educational Interest: A school official has a legitimate educational interest if the information is necessary to fulfill their professional responsibilities. This may include teaching, research, advising, counseling, conduct or discipline, student well-being, job placement, financial aid, medical services, safety, student government, clubs, intramural sports, events, or public service.
Personally Identifiable Information (PII): Data that includes a student's name and other direct identifiers, such as Social Security number, student ID number, or biometric data (e.g., fingerprints, DNA, handwriting, or facial features). PII also includes indirect identifiers such as the names of family members, addresses, personal characteristics, or other data that could make a student’s identity easily traceable.
School Officials: Individuals such as professors, instructors, administrators, health staff, counselors, attorneys, clerical staff, trustees, members of committees and disciplinary boards, and contractors or volunteers performing institutional services or functions on behalf of the school.
Restricting Disclosure
A student may choose to restrict their directory/limited directory (SEE Directory and Limited Directory Section) information from being disclosed by completing a Request to Restrict Information Disclosure form. There are a few things students should understand about this restriction:
- Even if a restriction is placed, a student’s name can still be disclosed in on-site or online classes.
- Even if a restriction is placed, St. Cloud State will still use a student’s directory information as needed to perform university business such as processing a financial aid application or preparing a diploma.
- There may be consequences or inconveniences related to restricting disclosure including, but not limited to, St. Cloud State becoming unable to: notify a potential employer of awards or degrees earned; include a student’s name in the commencement program; or acknowledge participation in a sport or student organization to a scholarship approval/advisory committee.
- A student’s restriction remains in effect until we receive a formal written request to remove the restriction. This holds true even if a student has graduated or ceases to be enrolled. There is a section at the bottom of the Request to Restrict Information Disclosure form provided for this purpose.
Directory and Limited Directory
St. Cloud State may release the following directory information without authorization unless a restriction has been placed.
Directory Data List
- Name
- Hometown
- Most recent previous educational institution
- Enrollment status
- Class level (freshman, sophomore, etc.)
- Major and minor field of study
- Dates of attendance
- Degrees and dates awarded
- Non-financial honors/awards and dates awarded
- Weight and height of athletic team members
- Participation in official recognized activities and sports and participation dates
St. Cloud State University Approved Limited Directory List
St. Cloud State has chosen to adopt a limited directory policy as allowed by FERPA. This means St. Cloud State will limit to whom, and the purposes for which, the listed limited directory data are disclosed - unless a restriction has been placed.
Limited Directory Data List
- Campus & Non-campus email address
- Local and permanent mailing address
- Telephone numbers
- StarID
- Photo
St. Cloud State will not provide a student’s limited directory data to outside parties intending to use the information for strictly commercial marketing purposes, nor will we knowingly make the information readily available to potential identity predators. To this end, St. Cloud State has removed its online student directory. This data will only be used by St. Cloud State and the Minnesota State system as needed for university purposes. Examples include, but are not limited to:
- a photo on a student ID;
- a global address list or directory (i.e. the Microsoft Office Address Book) accessible to Minnesota State students and employees;
- to support the efforts of groups or organizations offering legitimate student social/academic opportunities, such as Students United or verifiable honors societies.
- to support the efforts of the U.S. Census Bureau (click the box below for more information)
- to support the efforts of the St. Cloud State University Foundation and Alumni Relations (click the box below for more information)
Census Bureau Limited Directory
In addition to the data items in the approved directory and limited directory lists, St. Cloud State University will provide the U.S. Census Bureau with the following information - unless a restriction has been placed:
- Age
- Date of Birth
- Sex
- Race
- Origin (whether or not Hispanic)
SCSU Foundation/Alumni Relations Limited Directory
In addition to the data items in the approved directory and limited directory lists, St. Cloud State University will provide Advancement & Alumni Engagement with the following to support their mission of alumni engagement and resource development, unless a restriction has been placed:
- Maiden Name
- Date of Birth
- Gender
- Marital Status
- Ethnicity
- St. Cloud State University College or School
- Tech ID
- International Address (if applicable)
- Residence Hall Name
- Student Employment (yes or no)
- Internships (yes or no)
- Study Abroad (yes or no & country)
- Season Ticket Holders (yes or no)