The privacy of student data is governed by a law known as FERPA – the Family Educational Rights and Privacy Act.
Under FERPA, student data is divided into two sections:
- Education records
- Directory data
An “education record” includes conventional things like GPA or grade transcripts, but also data derived from technologies like Canvas. Education records are strictly protected in the IU privacy program.
By contrast, “directory” data is public information such as name and home town. These items are not generally viewed as confidential. IU publishes a full list of directory categories in its Privacy Notice, as explained more fully below.
Each year you are a student, you will receive an email explaining your rights with respect to education records. This is your Privacy Notice. It will address such topics as who, and under what circumstances, other individuals (parents, employers, government agencies) are permitted to see your records. It will also explain whether we derive any of this data from others, and whether we share it (for example, with learning enhancement vendors) for your benefit.
The purpose of the Privacy Notice is to put you in control of your education records, and give you contact information if you have any concerns. These records are kept confidential for your benefit, subject to limited exceptions, and remain so even after you are no longer a student.
To learn more about IU's approach to student data, including our security practices, go to IU’s FERPA site. It includes a listing of directory categories and outlines the situations (law enforcement, health emergencies) in which education records can be shared with others.
Library data (collection searches, check-out history) is a special category of data with its own, long-standing rules of confidentiality. These rules apply to all library consumers, including students, faculty, staff, and the general public.
We encourage you to explore the links above and share any thoughts with us on this important subject at firstname.lastname@example.org.