St Cloud State University must comply with two statues regarding data:
The Minnesota Government Data Practices Act is a state law that establishes a presumption that government data are public unless a federal law, a state statute, or classification of data provides that the specific data are not public. The Minnesota Government Data Practices Act regulates all aspects of data, including the collection, creation, storage, maintenance, dissemination, and access to government data in government entities.
For information about data classifications, data subject rights, member of the public rights, how to make a data request, costs associated with data requests, and how St. Cloud State University will respond to data requests, refer to the Data Practices policy and procedure.
Data Release Consent Form (pdf)
Data Practices Compliance Official:
Judith Siminoe, Special Advisor to the President
AS 200 | 308-2122
jpsiminoe@devotec-nurb.com
Responsible Authority:
Robbyn Wacker, President
AS 200, 308-2122
In compliance with Minnesota Statute section 13.05, subd. 5, the St. Cloud State policy and procedure, Ensuring Safety of Non-Public Data, was establish to provide safeguards including that "not public data" are only accessible to persons whose work assignment reasonably requires access. Additionally, St. Cloud State provides data privacy training, data security resources, and follows Minnesota State Board Policy 5.23. Non-public data may be exposed to, or accessed by, non-authorized individuals in rare instances, such as when a work laptop is stolen or a USB Flash drive is lost. Any potential data breach should be immediately reported to the Data Practices Compliance Official (See Data Practices Contact Information section).
FERPA is a federal law designed to protect the privacy of education records. FERPA applies to all educational agencies and institutions that receive funding under any program administered by the U.S. Department of Education and to private entities who perform services on behalf of those educational agencies and institutions.
This information is also sent in an annual notice to all enrolled students, as required by FERPA
Request to Amend or Remove (PDF)
Request for a Formal Hearing (PDF)
Generally, a student must provide written consent using the Data Release Consent Form before the University will release personally identifiable information (PII) from a student record. FERPA has made exceptions to this ruling that allows schools to disclose PII without consent in the following circumstances and/or to the following parties:
Dependent Student: a student who is a qualifying child or relative as defined in 26 U.S. Code § 152 of the Internal Revenue Code.
Directory Information: information contained in the education records of a student that would not generally be considered harmful or an invasion of privacy if disclosed. (See SCSU’s approved Directory Information List)
Education records: records that are directly related to a “student” and maintained by an “educational agency or institution” or by a party acting for the agency or institution. (The term “student” excludes individuals who have not been in attendance at the agency or institution.)
Financial Aid: payment of funds provided to an individual (or payment in kind of tangible or intangible property to the individual) that is conditioned on the individual's attendance at a school.
Legitimate Educational Interest: interests related to pursuits of higher education, conduct or discipline, the well-being of the student body, or the overall goals of the school which may include, but is not limited to teaching, research, advising, counseling, investigations, job placement, financial assistance, medical services, safety, student government, clubs, intramural sports, events, and public service. A school official only has a legitimate educational interest if the information is required to fulfill his/her professional responsibilities.
Personally Identifiable Information: data including a student’s name and other direct personal identifiers, such as the student’s SSN or student number or biometric identifiers such as fingerprints, DNA, handwriting, or facial characteristics. PII also includes indirect identifiers, such as the name of the student’s parent or other family members; the student’s or family’s address, and personal characteristics or other information that would make the student’s identity easily traceable.
School Officials: parties such as professors; instructors; administrators; health staff; counselors; attorneys; clerical staff; trustees; members of committees and disciplinary boards; and a contractor, volunteer or other party to whom the school has outsourced institutional services or functions.
A student may choose to restrict their directory/limited directory (SEE Directory and Limited Directory Section) information from being disclosed by completing a Request to Restrict Information Disclosure form. There are a few things students should understand about this restriction:
St. Cloud State may release the following directory information without authorization unless a restriction has been placed.
Directory Data List
St. Cloud State has chosen to adopt a limited directory policy as allowed by FERPA. This means St. Cloud State will limit to whom, and the purposes for which, the listed limited directory data are disclosed - unless a restriction has been placed.
Limited Directory Data List
St. Cloud State will not provide a student’s limited directory data to outside parties intending to use the information for strictly commercial marketing purposes, nor will we knowingly make the information readily available to potential identity predators. To this end, St. Cloud State has removed its online student directory. This data will only be used by St. Cloud State and the Minnesota State system as needed for university purposes. Examples include, but are not limited to:
In addition to the data items in the approved directory and limited directory lists, SCSU will provide the U.S. Census Bureau with the following information - unless a restriction has been placed:
In addition to the data items in the approved directory and limited directory lists, SCSU will provide the St. Cloud State University Foundation and Alumni Relations with the following to support their mission of alumni engagement and resource development - unless a restriction has been placed: