Student Financial Aid Data Collection - Data Security
Complete Financial Aid Data Access Request Form and obtain supervisor, school
access administrator and Student Financial Services (SFS) signatures.
Access to this data in the warehouse will be given to users on a
global basis, and will not be restricted by school or department. If
a user has access to the tables they can see all information for all
students in all schools.
Regulations and Policies on Student Data
Federal regulations regarding access to student data are spelled out in
the Family Educational Right to Privacy Act (Buckley Amendment), commonly
known as FERPA. For more information, see http://www.upenn.edu/computing/da/dw/student/ferpa.html.
The University's policy on the Confidentiality of Student Records is
available at http://www.upenn.edu/privacy/policies_publications.htm.
Releasing Data Outside the University
The only office that may release financial aid data is Student
Financial Services (SFS). Requests for the data should be directed to
Keep a Log
You might want to keep a log of the reports you create, even if you are
giving it to someone within the University. The log might include:
- Who requested the data.
- When they made the request.
- What data they requested.
- Why they requested the data/how they planned to use it.
- What query and/or report you used.
Releasing Data Within the University
Within the University, financial aid data may be disclosed only if it is needed
to do the business of the University, and only to those who need to
the information in order to do their jobs. If you are not sure whether
to fulfill a request for data, contact Student Financial Services.
Questions you shoud ask to help decide whether to fulfill a request
for financial aid data:
- Who wants the information?
- Why do they want the information?
- For what purpose will the information be used?
- If they pass the information on to someone else, for what purpose
will that person use it? Note: Usually, the data should be for
the requestor's use only. No data should be posted online or in a public place.
- How will they secure the information once they have it?
- How will they dispose of the information when they are done with it?
For example, hard copy reports should be shredded.
Query Results. If you save query results as Excel, pdf or other type of local file, you must
see to it that any sensitive data stored on your peronal computer is safeguarded
through physical security, access control software, or encryption.
- Examples of physical security are locked offices and locked keyboards.
- Examples of access control software are a screen saver with password
protection (which your computer has been set up to initiate at startup)
or specialized desktop security software.
- If you encrypt your query results, you will need to decrypt them before
When a computer is left signed to an account, it is easy for someone to
gain unauthorized access. Either sign off from your account before you
leave your computer or restrict access by some other means (physical security
or access control software).
For more information on security, contact the University
Information Security Officer.