142 Data Security Policies UNIVERSITY OF WATERLOO Guidelines for Managing Student Information for Faculties, Academic Departments and Schools https://uwaterloo.ca/secretariat/guidelines/guidelines-managing-student-information-faculties- academic Students do not have the right to access the personal information of individuals other than themselves. Returning assignments or exams to students or posting grades must be done in a way which does not reveal personal information to other students in the class. For more information, see Guidelines on Returning Assignments and Posting Grades. It is also recommended that information which pertains to multiple students, such as grade revision forms, be filed separately rather than in the files of individual students. Disclosure of Student Information Disclosure refers to releasing student information to any party or agency (including parents, spouses, employers, and landlords) other than the student and university faculty and staff with a legitimate need to know. Electronic posting of student personal information (including photographs) on publicly available websites (including social media sites such as Facebook) or websites available to faculty, staff, and students requires prior notice to the students who must consent to the use of their personal information in this way. References: Be aware that information contained in references or recommendations for students is considered the personal information of the student and therefore faculty and staff members should not provide references without the consent of the student. An email from the student asking for a reference or the student naming the referee in an application can be considered consent. Students are advised to seek the agreement of potential referees before naming them in an application. RReessppoonnddiinngg ttoo iinnffoorrmmaattiioonn rreeqquueessttss Requests from students for letters confirming their status or other academic information must be directed to the Registrar’s Office or the Graduate Studies Office. Employees should be cautious about responding to requests for student information even on an informal basis. Employees may seek advice from the Registrar’s Office, the Graduate Studies Office, or the university’s Privacy Officer. Retention and Disposal of Student Information Retention: Under FIPPA the university is required to keep personal information about students for a minimum of one year. Beyond the one year minimum, student information must be kept only as long as necessary to complete the contractual obligations between the university and the student, to provide information on the academic achievements (such as transcripts) of the student to employers, educational institutions, licensing/regulatory bodies, and to the student him/herself, and to provide the student with appropriate support and other services. In practice, this means that different types of student information are subject to different retention periods. The core academic record in Quest, which includes data on a student’s identity, years of study, grades and academic milestones, and degrees and certificates earned, is the only record that the university retains indefinitely in relation to individual students. The university’s approved retention schedules for student information can be found in the Student Management and Teaching & Learning sections of WatCLASS. Disposal: Under FIPPA, the university is also required to dispose of personal information securely and to keep a record of the disposal. Disposal must be authorized by the unit head or his/her delegate. For more information see Records Disposal Procedures. Copies and Non-Official Information: Faculty and staff managing student information should make a clear distinction between official records and copies and other non-official information (for more information, see Managing Transitory Records). The following are common types of non-official student information: Copies of forms and other documents sent to the Registrar’s Office or the Graduate Studies Office Copies provided to members of committees Database extracts