Skip to body

Registrar

Security Policy for Safari Users

Print Document (PDF)

All employees of Central Washington University (administrative, academic, staff and student workers) are required to abide by the policies governing review and release of student education records. The Family Educational Rights and Privacy Act (FERPA), also known as the Buckley Amendment of 1974, mandates that information contained in a student’s education record must be kept confidential and outlines the procedures for review, release and access of such information.

Access to the Student Information System (SIS), also known as Safari will be granted to those individuals who have a legitimate educational interest in the data. The director of the functional area that oversees the student data being requested will grant access to specific student data, if deemed appropriate. Supervisors may request "Security Access" to Safari by completing the online form located at http://www.cwu.edu/its-training/safari-access-form.

Individuals who have been granted access to any part of the SIS database must understand and accept the responsibility of working with confidential student records. The following rules apply to all university employees with a SIS/Safari account:

Individual and department passwords are to be kept confidential and should not be shared. When authority to access additional screens or systems is needed, employees should make a request through their supervisor, and the supervisor can request additional access using the Security Access form noted above. It is the responsibility of each departmental SIS custodian employee to keep their passwords confidential and to change passwords whenever they feel someone else may have obtained access to it.

FERPA guidelines state that officials of the university may be given access to student education records on a "need to know" basis and that such assessment be limited to job related, legitimate, educational interests. The information contained in a student’s education record may not be released to a third party without the written consent of the student. At its discretion, CWU may provide directory information without the consent of the student. Directory information is defined as the student’s name, university and permanent home addresses, telephone numbers, photograph, major field of study, class, participation in officially recognized activities and sports (and heights and weights of members of athletic teams), dates of attendance, degrees and awards received (including honor roll), and the most recent previous educational institution attended.

Examples of inappropriate use of student records are:

  1. Accessing or reviewing a student’s record without a legitimate educational interest.
  2. Releasing confidential student information (non-directory) to another student, University organization, person who does not have a legitimate educational interest or parents of a dependent student, without the student’s written authorization.
  3. Leaving reports or computer screens containing confidential student information in view of others that do not have a legitimate educational interest in data.
  4. Using the student information for personal business.
  5. Giving your password to another individual not authorized to use the SIS/Safari system or to view a particular screen.
  6. Discussing the information contained in the student record outside of the University or while on the job with individuals who do not have a legitimate educational interest in the information (need to know).


Under no circumstances should an employee give confidential information about students to any other students, other employees, or to any person who has not been authorized to receive such information by their departmental supervisor. Although directory information may be released without prior consent, any requests coming from students or from anyone off campus should be referred to Registrar Services.

** Students may request on Safari or from Registrar Services or Student Affairs that directory information concerning them not be released. No information may then be released without the student’s written consent. If a student has requested directory information be restricted, the following screen will appear on several of the Safari SIS screens indicated by the blue shade.

An example: Safari Example Image

Confidential Information

With the exception of the directory information listed above, all student records are considered to be confidential and are open only to University personnel who need the information to carry out their official responsibilities (assigned duties and functions). Although University personnel have authorized access to this information on a “need to know” basis, they are not permitted to release information to persons outside the University unless authorized in writing by the student, by a court order, or by the exceptions listed below under supplemental exceptions. Only the official or designated person responsible for the records has the authority to release them.

Release of Grades

Grades will be released to a student if picture-id is presented. Students may also obtain their grades on the Safari student information system or they can request that Registrar Services mail them a hard copy report. A form is available at Registrar Services or at the University Campus Center offices.

Posting of Grades

The posting of grades either by the student’s name, institutional identification number or social security number without the student’s written permission is a violation of FERPA. This includes posting of grades to a class website. Posting of grades can be accomplished either by obtaining the students un-coerced written permission or by using randomly assigned numbers that only the instructor and individual student know. The order of posting should not be alphabetic. Faculty may use "Blackboard" to post grades as long as a student-secured password exists.

Since there is no guarantee of confidentiality in transmitting information electronically via campus e-mail or through the Internet, faculty should refrain from sending grades via e-mail. If there is an unauthorized release of grades to someone who is not a school official, the institution would be in violation of FERPA if the student whose grades were illegally disclosed filed a complaint.

The returning of papers/exams via an "open" distribution system, e.g. stacking them on an open table, is a violation of a student's right to privacy, unless student(s) submits a signed waiver to the instructor for such purposes. However, the Department of Education suggests if faculty distribute openly after they have obtained a signed release of information, that the paper/exam should be in a sealed envelope.

Security Measures and Student Data

Faculty and staff should make every effort to protect student data following the procedures outlined in this document. In addition, faculty and staff should implement the following safeguards with any confidential information regarding student information.

  • Never save student data to a hard drive or desktop on your computer or laptop. Student confidential data should be saved to your personal N:/ or G:/ such that it will be backed-up by IT Department.
  • All desktop and laptops should be secured with password protected access that is not shared with others.
  • When working with student data, please remember to access your student data through the secure Novell network.
  • Make sure that if you are discarding any hard copy documents containing student data, that it should be placed in a special "shred" box, so your department can destroy the documents through a shredder. Do not just toss documents in your garbage or recycle bins since these containers are not actually shred.


Rights of Access and Review of Records

  1. Students have the right to inspect, review, or receive an interpretation of copies of their educational records, except as excluded below. This right may be exercised by submitting a written request to the custodial of the records to which access is desired. Such requests should be honored as quickly as possible and reasonable, normally within 48 hours; if detailed documentation and/or interpretation are required, the request should be honored within ten (10) days. In all cases, requests for such information must be honored within 45 days.


If a copy (ies) of a portion or all of the records in the student’s file is requested, the custodian of the records may charge a fee for copies made. The fee may not effectively prevent students from exercising their right to inspect and review (under supervision of a University employee) their records. You may not charge a fee to search for or to retrieve records. Each custodian of department records is responsible for requiring proper identification of the individual making the request about his/her records.

Limitation on Access

Educational institutions are not required to make available to students in institutions of post-secondary education the following records:

  1. Confidential letters and statements of recommendation that were placed in the education records prior to January 1, 1975.
  2. Financial records of the parents of the students or any information contained therein.
  3. Records maintained by a physician, psychiatrist, psychologist, or other recognized professionals are not open for student’s inspection. Students may, however, have an appropriate professional of their choosing inspect such records.
  4. Confidential recommendations for admission, employment, or honors are not open to student access if the student has waived his/her right to access.
  5. Law enforcement records maintained solely for law enforcement officials.
  6. Records of instructional, supervisory, and administrative personnel and auxiliary educational personnel, which are in the sole possession of the make and are not accessible or revealed to any other person except a substitute (an individual who performs on a temporary basis the duties of the individual who made the record).


Supplementary Exceptions

In addition to the student access stipulations, the Act provides that the University may release, without the student’s permissions, personally identifiable education records to:

  1. Officials or faculty of the University who have legitimate education interest (need to know to fulfill official responsibilities).
  2. Officials of other schools or school systems in which the students seek to enroll; in this instance, no notice of release of records needs to be sent to the student.
  3. Certain federal and state educational authorities: the Comptroller General of the United States, the Secretary, the Commissioner, and the Director of the National Institute of Education.
  4. Accrediting and University-approved testing agencies.
  5. Parents of dependent students (requires signed statement from parent confirming the student is dependent per Internal Revenue Code of 1954).
  6. Appropriate parties in connection with an emergency when the immediate health or safety of the student is threatened.
  7. Persons presenting an officially related judicial order of lawfully issued subpoena.
  8. Institutions from which the student has received or applied to for financial aid.


Right to Challenge Content of Records

A student may challenge the accuracy of handling of educational records maintained by the University on grounds that the records are inaccurate, misleading or otherwise violate the privacy or other rights of the students. Students who wish to exercise these rights should file a request with the custodian of the records in question. Appeals regarding their decisions should be made to the Vice President of Student Affairs.

Complaint Procedures

Students are encouraged to report any violations and seek redress from CWU officials responsible for the area in which the violation occurred. However, complaints regarding violations of rights accorded students by Section 438 of the Privacy Rights of Parents and Students Act or the regulations, may be submitted to the department of Health, Education and Welfare. Such allegations must be submitted in writing.
 

Enrollment Management