Louisiana State University and A&M College

  1. Home
  2. COMPLIANCE CERTIFICATION
  3. PART 1. Signatures Attesting to Compliance
  4. PART 2. List of Substantive Changes Approved Since the Last Reaffirmation
  5. PART 3. Institutional Assessment of Compliance
    1. Section 2: Core Requirements
      1. 2.1 Degree-granting Authority
      2. 2.2 Governing Board
      3. 2.3 Chief Executive Officer
      4. 2.4 Institutional Mission
      5. 2.5 Institutional Effectiveness
        1. 2.5 Institutional Effectiveness (Continued)
      6. 2.6 Continuous Operation
      7. 2.7.1 Program Length
        1. 2.7.1 Program Length (Continued)
      8. 2.7.2 Program Content
      9. 2.7.3 General Education
      10. 2.7.4 Course work for Degrees
      11. 2.8 Faculty
      12. 2.9 Learning Resources and Services
      13. 2.10 Student Support Services
        1. 2.10 Student Support Services (Continued)
      14. 2.11.1 Financial Resources
      15. 2.11.2 Physical Resources
    2. Section 3: Comprehensive Standards
      1. 3.1.1 Mission
      2. 3.2.1 CEO evaluation/selection
      3. 3.2.2 Governing board control
      4. 3.2.3 Board conflict of interest
      5. 3.2.4 External Influence
      6. 3.2.5 Board dismissal
      7. 3.2.6 Board/administration distinction
      8. 3.2.7 Organizational structure
      9. 3.2.8 Qualified administrative/academic officers
      10. 3.2.9 Personnel appointment
      11. 3.2.10 Administrative staff evaluations
      12. 3.2.11 Control of intercollegiate athletics
      13. 3.2.12 Fund-raising activities
      14. 3.2.13 Institution-related entities
      15. 3.2.14 Intellectual property rights
      16. 3.3.1 Institutional Effectiveness
        1. 3.3.1.1
          1. 3.3.1.1 (Continued)
        2. 3.3.1.2
        3. 3.3.1.3
          1. 3.3.1.3 (Continued)
        4. 3.3.1.4
          1. 3.3.1.4 (Continued)
        5. 3.3.1.5
          1. 3.3.1.5 (Continued)
      17. 3.4.1 Academic program approval
      18. 3.4.2 Continuing education/service programs
      19. 3.4.3 Admissions policies
      20. 3.4.4 Acceptance of academic credit
      21. 3.4.5 Academic policies
      22. 3.4.6 Practices for awarding credit
      23. 3.4.7 Consortial relationships/contractual agreements
      24. 3.4.8 Noncredit to credit
      25. 3.4.9 Academic support services
        1. 3.4.9 (Continued)
        2. 3.4.9 (Continued - 2)
      26. 3.4.10 Responsibility for curriculum
      27. 3.4.11 Academic program coordination
      28. 3.4.12 Technology use
      29. 3.5.1 General education competencies
      30. 3.5.2 Institutional credits for a degree
      31. 3.5.3 Undergraduate program requirements
      32. 3.5.4 Terminal degrees of faculty
      33. 3.6.1 Post-baccalaureate program rigor
        1. 3.6.1 Post-baccalaureate program rigor (Continued)
      34. 3.6.2 Graduate curriculum
      35. 3.6.3 Institutional credits for a graduate degree
      36. 3.6.4 Post-baccalaureate program requirements
      37. 3.7.1 Faculty competence
      38. 3.7.2 Faculty evaluation
      39. 3.7.3 Faculty development
      40. 3.7.4 Academic freedom
      41. 3.7.5 Faculty role in governance
      42. 3.8.1 Learning/information resources
      43. 3.8.2 Instruction of library use
      44. 3.8.3 Qualified staff
      45. 3.9.1 Student rights
      46. 3.9.2 Student records
      47. 3.9.3 Qualified staff
      48. 3.10.1 Financial Stability
      49. 3.10.2 Financial aid audits
      50. 3.10.3 Control of finances
      51. 3.10.4 Control of sponsored research/external funds
      52. 3.11.1 Control of physical resources
      53. 3.11.2 Institutional environment
      54. 3.11.3 Physical facilities
      55. 3.12.1 Substantive change
      56. 3.13 Policy compliance
        1. 3.13.1 "Accrediting Decisions of Other Agencies"
        2. 3.13.2. "Collaborative Academic Arrangements: Policy and Procedures"
        3. 3.13.3. "Complaint Procedures Against the Commission or Its Accredited Institutions"
        4. 3.13.4. "Reaffirmation of Accreditation and Subsequent Reports"
          1. 3.13.4.a.
          2. 3.13.4.b.
      57. 3.14.1 Publication of accreditation status
      58. 3.13.5. "Separate Accreditation for Units of a Member Institution"
        1. 3.13.5.a.
        2. 3.13.5.b.
    3. Section 4: Federal Requirements
      1. 4.1 Student Achievement
      2. 4.2 Program curriculum
        1. 4.2 Program curriculum (Continued)
      3. 4.3 Publication of policies
      4. 4.4 Program length
        1. 4.4 Program length (Continued)
      5. 4.5 Student complaints
      6. 4.6 Recruitment materials
      7. 4.7 Title IV program responsibilities
      8. 4.8 Distance and correspondence education
        1. 4.8.1
        2. 4.8.2
        3. 4.8.3
      9. 4.9 Definition of credit hours
  6. PART 4. Institutional Summary Form Prepared for Commission Reviews
  7. FOCUSED REPORT
  8. QUALITY ENHANCEMENT PLAN (QEP)

4.8.2

An institution that offers distance or correspondence education documents each of the following: has a written procedure for protecting the privacy of students enrolled in distance and correspondence education courses or programs.

Compliance Status

Louisiana State University and A&M College is in compliance with this principle.

Narrative

Louisiana State University and A&M College (LSU) has developed policies that conform to the privacy guidelines promulgated by the Family Educational Rights and Privacy Act (FERPA) [1]; these rights and protections extend to all students, including the distance and correspondence students.  The intent of FERPA is to protect the rights of students and to ensure the privacy and accuracy of educational records. These policies prohibit the release of personally identifiable information from educational records without the student's permission, except as specified by law. Only parties with the right to receive educational records pursuant to these policy statements and identified as such shall be entitled to receive the information.  

Information about FERPA is available to students [2], parents [3], and faculty and staff [4] on the Website of the LSU Registrar’s Office.  An annual notification, Privacy and Release of Student Education Records, is also posted on the LSU Registrar’s Office Website [5].  The Registrar’s Office also has a FERPA tutorial for faculty and staff [6].  This information specifically details what information can and cannot be released on all students, including those enrolled in distance education or continuing education programs. 

LSU has adopted a comprehensive set of policies and procedures designed to comply with federal laws and regulations protecting personally identifiable information. In most cases, the protection provided by these university policies and procedures extends beyond student records. The discussion below, however, focuses on the student records aspects of those policies and procedures.

Briefly, the laws and policies addressed by these university policies and procedures include the following:

Federal

  • Family Educational Rights and Privacy Act [1]
  • Health Insurance Portability and Accountability Act [7]
  • Gramm-Leach-Bliley Act [8]
  • Digital Millennium Copyright Act [9]

State of Louisiana

  • Title 44. Public Records and Recorders [10]
  • Data Security Breach Notification Law [11]
  • Louisiana State Office of Information Technology Security Policies [12].

Louisiana State University Board of Supervisors Policy 

As a member institution of the Louisiana State University System, LSU must enforce policies and procedures in compliance with the information security standards set by the Board of Supervisors and with applicable federal and state laws.  The LSU System information security standards are outlined in Permanent Memorandum 36 (PM-36): Louisiana State University System Information Security Plan [13]. Additional details are provided in the attachments to PM-36:

  • PM-36 Attachment 1: Table of contents and chapters 1-12 [14]
  • PM-36 Attachment 2: Glossary of terms [15]
  • PM-36 Attachment 3: References to PM-36 [16]
  • PM-36 Attachment 4: Business Associate Contract Addendum [17].

Policy Statements at LSU That Support Student Privacy, Including That of Distance Education or Continuing Education Students

Policy statement (PS) 30: Student Privacy Rights [18] outlines how to comply with this principle, how to inform all concerned parties of the rights and prerogatives of students under the FERPA, and how to outline procedures for those students who wish to inspect and review their educational records.  Personally identifiable information from educational records cannot be released without the student's permission, except as specified by law. Only parties with the right to receive educational records pursuant to these policy statements and identified as such shall be entitled to receive the information. 

Personally identifiable information is that which, when associated with an educational record, allows the record to be identified with a specific person. This information includes (a) the name of the student, the student's parent, or other family member; (b) the address of the student or student's family; (c) a personal identifier, such as a Social Security number or student number; (d) a list of personal characteristics which would make the student's identity easily traceable; and (e) other information which would make the student's identity easily traceable. This information is not released without the written consent of the student.

The provisions of this policy are further spelled out within the policy document itself, including those that would release educational records under the law without the student's permission.

PS-113: Social Security Number Policy [19] provides additional information as to how student privacy is protected.  The purpose of this policy is “to establish policy governing the collection, maintenance, use, and disclosure of Social Security numbers (SSN) and to comply with the FERPA and the Privacy Act of 1974.  The objectives are to eliminate the use of the SSN as the primary identifier for all individuals associated with the university, raise awareness of the confidential nature of the SSN, protect privacy interests, provide a consistent policy regarding treatment of SSNs, and promote confidence by the university community that SSNs are handled in a confidential manner.  A waiver application process is available for those faculty members or administrators who must maintain SSNs of students.  For example, in the Accreditation Council for Education in Nutrition and Dietetics (ACEND), accredited dietetics program verification statements certifying that the student is an LSU program graduate have SSNs and must be kept in perpetuity, so the director has a waiver through the Office of the Registrar to maintain these certificates in a locked file.

In lieu of using the students’ SSNs as unique identifiers, student numbers have been assigned to all students, including those participating in distance education or continuing education programs. This unique student identifier is to be accorded the same level of confidentially as the student’s SSN.  Students are advised not to use their student numbers in emails; faculty and staff cannot use these numbers in emails, unless they can send encrypted email. PS 06.15, Use of Electronic Mail (E-mail) [20], clearly states that “Ordinary e-mail must NOT be considered a secure method for transmitting protected information.” This follows closely with the regulations outlined in PS 107, Computer Users’ Responsibilities [21], which establishes important guidelines and restrictions regarding any and all use of computing resources at, for, or through LSU; PS 06.10 (PS 114), Security of Computing Resources, which outlines the role and authority of ITS in supporting and upholding the security and integrity of the LSU information technology environment [22]; PS 06.20, Security of Data [23], which outlines the responsibilities of all users in supporting and upholding the security of data at LSU regardless of the user’s affiliation or relation with the university, and irrespective of where the data is located, utilized, or accessed; and PS 06.25 Privacy of Computing Resources, which facilitates teaching, research, and the overall mission of the university through the authorized use of computing resources and data consistent with the university’s need for limited access by persons other than the account holder when necessary to serve or protect operations within the university or to meet legal requirements. The policy applies to all authorized users of computing resources at LSU regardless of user’s affiliation or relationship with the university and irrespective of where the resources are located, utilized, or accessed [24].

Additional policies and procedures to protect all students, records, and other data are found in Comprehensive Standard 3.9.2.

Author: Stephenie Franks
Last modified: 7/1/2015 7:33 AM (EST)