Student Database Access Policy
For interpretation of this policy, please contact the responsible department:
Recognizing that computer access to student information in various databases is vital to the operation of administrative and academic offices and personnel, the following campus policy has been established concerning user appropriate access to databases.
The overriding factor in determining access permission is demonstrating that access is necessary to perform the job assigned to the requester. Two types of access are possible:
- Update capability
Most requests will be for display only and a set of standard screens will be made available. A few offices will need the capability of updating selected fields on specified screens.
In all cases, those having access to student data must keep in mind their responsibility to adhere to the guidelines established by the Family Educational Rights and Privacy Act of 1974 (FERPA) (Buckley Amendment). [Applicable sections of FERPA are accessible by clicking on this link.] Mandatory CSU online training is offered to address confidentiality and the appropriate use of student records residing in various databases. Module specific training sessions will also be required to gain access to the data on the screens. Completion of online training is a prerequisite to obtaining access. Individuals who need access to sensitive data (Level 1) will be required to login using two-factor authentication (DUO). DUO setup instructions will be sent to the user via campus email when their database access is granted.
Requests for access should be initiated with the designated individual in your college, division, and/or unit who has access to create Computerized Information Access (CIA) requests. The requests will be directed to the custodian of the database in which the requested data resides. That custodian will either authorize or deny access according to the policy established herein. In the case of denial, an appeal may be made to the custodian of the database for review and final decision.
The custodian of each database may implement additional conditions to ensure compliance with established policy.
System security is designed to limit the possibility of unauthorized users accessing data.
In summary, this policy is designed to facilitate user appropriate database access, not restrict it. This policy is subject to review and modification as necessary.