Reminder for instructors about the confidentiality of student records and some helpful tips on how to keep your online accounts secure.
*******************************************************************************************
Dear UH Faculty, Staff, and Administrators:
Welcome to the start of the new academic year! The University of Hawaiʻi is responsible for maintaining the confidentiality of student education records and monitoring the release of information from those records, in compliance with the Family Educational Rights and Privacy Act (FERPA).
UH employees with access to student education records have a legal responsibility to protect the privacy of students by using information only for legitimate educational reasons to instruct, advise, or otherwise assist students. FERPA also assures certain rights to students regarding their education records. These rights do not transfer to parents, guardians, spouses, or other family members without the express written permission of the student.
What is FERPA?
The Family Educational Rights and Privacy Act of 1974, as amended (also known as the Buckley Amendment), affords students four primary rights with respect to their education records.
They have the right to:
1. Inspect and review their education records;
2. Have some control over the disclosure of information from their education records;
3. Seek to amend incorrect education records;
4. File a complaint with the U.S. Department of Education's Family Policy Compliance Office.
Learn more about how FERPA at:
datagov.intranet.hawaii.edu/ferpa/
datagov.intranet.hawaii.edu/ferpa-guidance-for-online-lectures-and-recordings/
Data Privacy and Security Best Practices
Protect your UH email account! Reduce the risk of your UH username and password from being compromised with the following cyber hygiene best practices.
Do not use your UH username and password when establishing other accounts. If you are required to use your UH username to verify you are a UH employee, then be sure to use a different password. Duplicating your UH login information is a security risk because if the third party has a data breach, your UH username and password will be compromised. For example, many UH student accounts have been exposed through a massive data breach within the education technology company Chegg in 2018. If you require your students to use a third party application for class assignments, please advise them to create unique account credentials.
Never re-use passwords that have been exposed. Once your login information has been exposed, hackers continue to have access to them.
Do not share your UH username and password with others. Keep your UH credentials confidential.
Check whether your UH email has been exposed.
https://link.edgepilot.com/s/fc9f06cd/YY5GB0ZPhUCI2ENZY9pYQA?u=https://haveibeenpwned.com/
Remain alert for phishing scams.
Best Practices involving Third Party Software/Services
(including AI and other online tools used in the classroom)
If students or other users need to create an account, inform them to not use their UH username and password, if possible. Mirroring credentials poses a security risk.
Do not forget about your data after a contract or subscription ends, especially if there is Sensitive or Regulated data (https://link.edgepilot.com/s/713ddce5/dFIhAQTVCE_O7H2X8c0E6A?u=https://datagov.intranet.hawaii.edu/institutional-data-classification-levels/) involved. Remind students or other users to delete their account and materials when the software product is no longer being used (e.g., when the class is over).
Faculty and staff who use generative Artificial Intelligence (“AI”) software tools should be aware that any data inputted will be retained by those models. Unless the vendor's terms of service and privacy policies state that your data will be kept confidential, assume that any data you inputted into the software will be retained forever and will be considered public information. Do not input personally identifiable information (“PII”) when using generative AI software. Avoid assigning classwork that requires students to submit PII about themselves or others and sharing non-PII data that are copyrighted, confidential, or may be potentially proprietary.
Questions?
Email the UH Data Governance Office at datagov@hawaii.edu.
Sincerely,
Alan Rosenfeld
Associate VP for Academic Programs and Policy
University of Hawaiʻi System