Data Privacy and Data Practice
St Cloud State University must comply with two statues regarding data:
- State Statute: Minnesota Statutes, Chapter 13 - The Minnesota Government Data Practices Act (MGDPA)
- Federal Statute: Family Education Rights and Privacy Act of 1974 (FERPA)
MGDPA Information
The Minnesota Government Data Practices Act is a state law that establishes a presumption that government data are public unless a federal law, a state statute, or classification of data provides that the specific data are not public. The Minnesota Government Data Practices Act regulates all aspects of data, including the collection, creation, storage, maintenance, dissemination, and access to government data in government entities.
Data Request Forms and Information
For information about data classifications, data subject rights, member of the public rights, how to make a data request, costs associated with data requests, and how St. Cloud State University will respond to data requests, refer to the Data Practices policy and procedure.
Data Release Consent Form (pdf)
Data Practices Contact Information
Data Practices Compliance Official:
Judith Siminoe, Special Advisor to the President
AS 200 | 308-2122
jpsiminoe@stcloudstate.edu
Responsible Authority:
Larry Dietz, Interim President
AS 200, 308-2122
Data Access and Breach
In compliance with Minnesota Statute section 13.05, subd. 5, the St. Cloud State policy and procedure, Ensuring Safety of Non-Public Data, was establish to provide safeguards including that "not public data" are only accessible to persons whose work assignment reasonably requires access. Additionally, St. Cloud State provides data privacy training, data security resources, and follows Minnesota State Board Policy 5.23. Non-public data may be exposed to, or accessed by, non-authorized individuals in rare instances, such as when a work laptop is stolen or a USB Flash drive is lost. Any potential data breach should be immediately reported to the Data Practices Compliance Official (See Data Practices Contact Information section).
FERPA Information
FERPA is a federal law designed to protect the privacy of education records. FERPA applies to all educational agencies and institutions that receive funding under any program administered by the U.S. Department of Education and to private entities who perform services on behalf of those educational agencies and institutions.
Student Rights Under FERPA
This information is also sent in an annual notice to all enrolled students, as required by FERPA
- The right to inspect and review the student’s education record within 45 days of the day the University receives a written request for access.
- The right to request the amendment of the student’s education records that the student believes is inaccurate, misleading or otherwise in violation of the student’s privacy rights under FERPA.
Request to Amend or Remove (PDF)
Request for a Formal Hearing (PDF)
- The right to provide written consent before the University discloses personally identifiable information (PII) from the student’s education records, except to the extent that FERPA authorizes disclosure without consent.
- The right to file a complaint with the U.S. Department of Education concerning alleged failures by the University to comply with the requirements of FERPA. The name and address of the Office that administers FERPA is:
Family Policy Compliance Office
U.S. Department of Education
400 Maryland Avenue, SW
Washington, DC 20202-4605
Website
FERPA Authorization of Disclosure without Consent
Generally, a student must provide written consent using the Data Release Consent Form before the University will release personally identifiable information (PII) from a student record. FERPA has made exceptions to this ruling that allows schools to disclose PII without consent in the following circumstances and/or to the following parties:
- School officials (University employees or others performing services for the University) who have a legitimate educational interest in the records in order to perform their duties
- Another school in which the student seeks or intends to enroll
- Accrediting organizations
- To determine the eligibility, amount, and/or conditions of financial aid, and to determine and enforce the terms and conditions of the aid
- Parents of dependent students if either parent has claimed the student as a dependent on their most recent year's income tax statement
- Parents or other appropriate parties in connection with a health or safety emergency
- Parents of a student under the age of 21 if that student violates any Federal, State, or local law, or any rule or policy of the school governing the use or possession of controlled substances or alcohol
- Certain government officials involved in audit or evaluation of Federal or State supported programs, or for the enforcement of or compliance with the legal requirements of those programs
- Organizations conducting studies on behalf of the school for the purposes of improving instruction or administering predictive tests or student aid programs
- To comply with a judicial order or lawfully issued subpoena
- To provide an alleged victim of a crime of violence or non-forcible sexual offense with the final results of a disciplinary proceeding with respect to the alleged crime
- To any third party the final results (which can only include the alleged perpetrator’s name, the violation committed, and any sanctions imposed) of a disciplinary proceeding related to a crime of violence or non-forcible sexual offense if the student who is the alleged perpetrator is found to have violated the school’s rules or policies
- Anyone requesting Directory Information unless the student has opted to restrict this information. (SEE Directory and Limited Directory Section)
Definitions:
Dependent Student: a student who is a qualifying child or relative as defined in 26 U.S. Code § 152 of the Internal Revenue Code.
Directory Information: information contained in the education records of a student that would not generally be considered harmful or an invasion of privacy if disclosed. (See SCSU’s approved Directory Information List)
Education records: records that are directly related to a “student” and maintained by an “educational agency or institution” or by a party acting for the agency or institution. (The term “student” excludes individuals who have not been in attendance at the agency or institution.)
Financial Aid: payment of funds provided to an individual (or payment in kind of tangible or intangible property to the individual) that is conditioned on the individual's attendance at a school.
Legitimate Educational Interest: interests related to pursuits of higher education, conduct or discipline, the well-being of the student body, or the overall goals of the school which may include, but is not limited to teaching, research, advising, counseling, investigations, job placement, financial assistance, medical services, safety, student government, clubs, intramural sports, events, and public service. A school official only has a legitimate educational interest if the information is required to fulfill his/her professional responsibilities.
Personally Identifiable Information: data including a student’s name and other direct personal identifiers, such as the student’s SSN or student number or biometric identifiers such as fingerprints, DNA, handwriting, or facial characteristics. PII also includes indirect identifiers, such as the name of the student’s parent or other family members; the student’s or family’s address, and personal characteristics or other information that would make the student’s identity easily traceable.
School Officials: parties such as professors; instructors; administrators; health staff; counselors; attorneys; clerical staff; trustees; members of committees and disciplinary boards; and a contractor, volunteer or other party to whom the school has outsourced institutional services or functions.
Restricting Disclosure
A student may choose to restrict their directory/limited directory (SEE Directory and Limited Directory Section) information from being disclosed by completing a Request to Restrict Information Disclosure form. There are a few things students should understand about this restriction:
- Even if a restriction is placed, a student’s name can still be disclosed in on-site or online classes.
- Even if a restriction is placed, St. Cloud State will still use a student’s directory information as needed to perform university business such as processing a financial aid application or preparing a diploma.
- There may be consequences or inconveniences related to restricting disclosure including, but not limited to, St. Cloud State becoming unable to: notify a potential employer of awards or degrees earned; include a student’s name in the commencement program; or acknowledge participation in a sport or student organization to a scholarship approval/advisory committee.
- A student’s restriction remains in effect until we receive a formal written request to remove the restriction. This holds true even if a student has graduated or ceases to be enrolled. There is a section at the bottom of the Request to Restrict Information Disclosure form provided for this purpose.
Directory and Limited Directory
St. Cloud State may release the following directory information without authorization unless a restriction has been placed.
Directory Data List
- Name
- Hometown
- Most recent previous educational institution
- Enrollment status
- Class level (freshman, sophomore, etc.)
- Major and minor field of study
- Dates of attendance
- Degrees and dates awarded
- Non-financial honors/awards and dates awarded
- Weight and height of athletic team members
- Participation in official recognized activities and sports and participation dates
St. Cloud State University Approved Limited Directory List
St. Cloud State has chosen to adopt a limited directory policy as allowed by FERPA. This means St. Cloud State will limit to whom, and the purposes for which, the listed limited directory data are disclosed - unless a restriction has been placed.
Limited Directory Data List
- Campus & Non-campus email address
- Local and permanent mailing address
- Telephone numbers
- StarID
- Photo
St. Cloud State will not provide a student’s limited directory data to outside parties intending to use the information for strictly commercial marketing purposes, nor will we knowingly make the information readily available to potential identity predators. To this end, St. Cloud State has removed its online student directory. This data will only be used by St. Cloud State and the Minnesota State system as needed for university purposes. Examples include, but are not limited to:
- a photo on a student ID;
- a global address list or directory (i.e. the Microsoft Office Address Book) accessible to Minnesota State students and employees;
- to support the efforts of groups or organizations offering legitimate student social/academic opportunities, such as Students United or verifiable honors societies.
- to support the efforts of the U.S. Census Bureau (click the box below for more information)
- to support the efforts of the St. Cloud State University Foundation and Alumni Relations (click the box below for more information)
Census Bureau Limited Directory
In addition to the data items in the approved directory and limited directory lists, SCSU will provide the U.S. Census Bureau with the following information - unless a restriction has been placed:
- Age
- Date of Birth
- Sex
- Race
- Origin (whether or not Hispanic)
SCSU Foundation/Alumni Relations Limited Directory
In addition to the data items in the approved directory and limited directory lists, SCSU will provide the St. Cloud State University Foundation and Alumni Relations with the following to support their mission of alumni engagement and resource development - unless a restriction has been placed:
- Maiden Name
- Date of Birth
- Gender
- Marital Status
- Ethnicity
- SCSU College or School
- Tech ID
- International Address (if applicable)
- Residence Hall Name
- Student Employment (yes or no)
- Internships (yes or no)
- Study Abroad (yes or no & country)
- Season Ticket Holders (yes or no)