Below are examples of how student data is used at the University of Colorado Boulder:
NOTE: You might be very careful in addressing the email to a recipient who also has a legitimate educational interest in this data, but email is not a secured method of communication (APS Use of Electronic Communications and Student Email Policy). Never send an unprotected file of protected data via email unless it is password protected. In addition, we have seen on occasion unsecured attachments that may have legitimately been sent to someone on campus, but then forwarded on to others who have no legitimate educational interest (as defined by FERPA) in having access to this data. Always password protect a file. You might now be wondering if it is okay to send a spreadsheet of names with directory information (college, major, etc.) This would be fine UNLESS it contains information about a student who has full privacy protection. Then you must password protect the file. The best practice is to always protect the file, even if it only contains student IDs.
We have seen a number of CU-SIS screenshots sent via email lately that clearly identify the student (or the student is identified in the body of the email) and contains a great deal of sensitive data, or data the recipient may not have a legitimate educational interest in receiving. Please use your knowledge of FERPA and university policies before sending this much information about a student. If still needed, send the screenshot as a password-protected document.
Dear faculty and staff,
Faculty and staff using the tuition benefit may register for CU-Boulder Main Campus classes beginning on Monday, Aug. 24, 2015, at 12:01 a.m.
Between Aug. 19 and 27, the Office of the Registrar will provide extended walk-in office hours of 8:30 a.m.–6 p.m., Monday–Friday.