What information is confidential?

Confidential information must be protected from unauthorized disclosure or public release based on state or federal law. Examples of confidential information include but are not limited to the following:

  • Social Security numbers (SSNs)
  • Some Research Data
  • Credit card numbers
  • Financial account numbers
  • Student education records (including schedules)
  • Medical Records
  • Passwords

Federal confidentiality laws

Protecting Your Social Security number (SSN) Top 5

  1. Leave your card at home - Keep your Social Security card in a locked, safe spot at home.
  2. Use another form of identification - Offer a drivers license, passport or college ID instead.
  3. Use a shredder - Your SSN could be on mail, reports or work documents. Make sure to shred any material with personal information on it, including your SSN.
  4. Don’t use it - You may be tempted to use your SSN as a username or password because it is familiar. Data breaches can give hackers your usernames and passwords, gifting them your SSN.
  5. Monitoring services - Companies like LifeLock and Identity Guard offer protection services that will alert you if your SSN is being used.

Directory Information

Directory information refers to items of information contained in the educational record which may be released without the student's prior, written consent. Texas A&M University defines the following items as directory information:

  • Name
  • Universal Identification Number (UIN)
  • Address (Local)
  • Address (Permanent)
  • Telephone number (Local)
  • Telephone number (Permanent)
  • Email address
  • Program of study (college, major, campus)
  • Dates of attendance
  • Previous educational agencies/institutions attended
  • Participation in officially recognized activities and sports
  • Degrees, honors, and awards received
  • Classification

Students may place a directory hold on any or all of this information at https://howdy.tamu.edu. Once the student has placed a hold on his or her directory information, this information may not be released without the prior, written consent of the student.

What are the rules about storing and transferring confidential information?

Storing Confidential Information

University SAP 29.01.03.M1.16 Portable Devices requires encryption of Texas A&M related confidential information that resides on portable computing devices. It is recommended that all confidential data be encrypted even if it resides on stationary systems.

Credit Cards

University SAP 21.01.02.M0.03 Credit Card Collections defines the very stringent requirements for accepting credit card payments. See Credit Card Procedures and Policies for details.

Quick Checklist for Protecting FERPA Data

  • Post grades using secure technology (for help contact Instructional Technology Services at its@tamu.edu or 979.862.3977, or visit http://its.tamu.edu/).
  • Encrypt all confidential information.
  • Use UINs instead of Social Security numbers. Take the appropriate steps when Social Security numbers are necessary.
  • DO NOT allow students to see other students grades, even by sorting through a stack of papers to pick up their graded work.
  • DO NOT discuss the progress of any student with anyone other than the student (including parents/guardians) without the consent of the student.
  • DO NOT provide anyone with lists of students enrolled in classes for any commercial purpose.
  • DO NOT provide anyone with student schedules or assist anyone other than professional university employees in finding a student on campus.

How can I safely transfer confidential information?

Filex

Filex is an easy tool for transferring confidential information. Upload files to the Filex server and add email addresses for recipients. For files containing confidential or controlled information, Filex includes an encryption option. Filex sends a link via email to download the file, which the recipients click to obtain the file directly from the Filex server. If you selected the encryption option, Filex provides a key for you to send to your recipients to unlock the encrypted file.

Safe File Transfer Tools

If you need to transfer confidential information between two systems that you manage, use secure protocols like SCP or SFTP.

How can I safely store confidential information?

Encrypt Files

By encrypting files, you ensure that unauthorized people can't view data even if they can physically access it. When you use encryption, it is important to have a recovery plan in case you forget your key.

For details, see Security Control SC-13 Cryptographic Protection.

Individual File Encryption

You can encrypt individual files using Pretty Good Privacy (PGP) tools, which can also protect folders and emails. More information and free tools at gnupg.org.

Whole Disk Encryption

To better protect your data, consider whole disk encryption. It prevents a thief from even starting your computer without a passphrase. Windows includes BitLocker for internal drives and BitLocker To Go for removable drives. FileVault is a built-in tool for Mac computers. For additional information, visit the Knowledge Base.

How can I safely post grades?

FERPA requires that student grades be accessible only to individual students and other authorized personnel. Posting grades in a secure course management system (such as eCampus) is the preferred method for distributing grades online at Texas A&M University. Instructional Technology Services (ITS) can provide help in using instructional technologies.

If you do not use a Learning Management System, give students their grades individually.

What should I do if I know confidential information has been disclosed?

Report disclosures of confidential information as soon as you realize they have occurred by emailing ciso@tamu.edu. For additional details about reporting disclosure of sensitive personal information, see SAP 29.01.03.M1.24.

If you have any questions about FERPA, please contact the Office of the Registrar, Records Section at 979.845.1003 or records@tamu.edu.