Pennant Accounts Data Security
See Data Training for the training prerequisites.
To request access, submit the eform for Pennant Accounts, located in the Data Warehouse section of the Penn eForms page. Access will be granted only after all prerequisite training is completed.
Access to the Pennant Accounts data in the warehouse will be given to users on a
global basis, and will not be restricted by school or department. If
a user has access to the tables they can see all transactions for all
students in all schools. Users of Pennant Accounts data also have access to the student data that comes from the Student Records System (SRS).
Regulations and Policies on Student Data
Federal regulations regarding access to student data are spelled out in
the Family Educational Right to Privacy Act (Buckley Amendment), commonly
known as FERPA. For more information, see http://www.upenn.edu/computing/da/dw/student/ferpa.html.
The University's policy on the Confidentiality of Student Records is
available at http://www.upenn.edu/privacy/policies_publications.htm.
Releasing Data Outside the University
The only office that may release Pennant Accounts data externally is Student
Financial Services (SFS). Requests should be directed to
Releasing Data Within the University
Within the University, Pennant Accounts and Student data may be disclosed only if it is needed
to do the business of the University, and only to those who need to
the information in order to do their jobs. If you are not sure whether
to fulfill a request for student billing data, contact Student Financial Services.
Questions you shoud ask to help decide whether to fulfill a request
for student billing data:
- Who wants the information?
- Why do they want the information?
- For what purpose will the information be used?
- If they pass the information on to someone else, for what purpose
will that person use it? Note: Usually, the data should be for
the requestor's use only. No data should be posted online or in a public area.
- How will they secure the information once they have it?
- How will they dispose of the information when they are done with it?
For example, hard copy reports should be shredded.
Query Results. If you save your query results as Excel, pdf, or other type of local file, you must
see to it that any sensitive data stored on your peronal computer is safeguarded
through physical security, access control software, or encryption.
- Examples of physical security are locked offices and locked keyboards.
- Examples of access control software are a screen saver with password
protection (which your computer has been set up to initiate at startup)
or specialized desktop security software.
- If you encrypt your query results, you will need to decrypt them before
accessing them with Business Objects.
When a computer is left signed to an account, it is easy for someone to
gain unauthorized access. Either sign off from your account before you
leave your computer or restrict access by some other means (physical security
or access control software).
For more information on security and privacy, contact the Office of Information Security.