Privacy FAQ

What is privacy?

Although questions of privacy date back to the ancient Greeks, it has been an increasingly important part of the conversation in the last twenty years. Much like Justice Louis Brandeis articulated in the late 19th century, privacy’s most prominent feature was the “right to be let alone.” Later, through the passage of other laws, we recognized that access and control of one’s information has gained heightened importance. As new technology and corresponding security concerns have arisen over the years, the laws are oftentimes slow to adapt to these issues. The University of Texas at Austin is committed to protecting your privacy.

What is FERPA?

The Family Educational Rights and Privacy Act of 1974 is a federal law that protects the privacy of student education records and applies to UT Austin.

Who is covered under FERPA?

All students at UT Austin.

What are FERPA’s Big Three?

1. Control disclosure of their “education records” to others
2. Inspect and review their own “educational records”
3. Seek amendment of their “education records”

What are education records?

Records that (1) directly related to a student; and (2) maintained by an educational agency or institution or by a party acting for the agency or institution. Includes transcripts, exams, papers, and the like.

What is not considered part of an education record?

Sole possession records, law enforcement records, certain employment records, treatment records, alumni records, and peer-graded papers. What an institution has defined as “directory information.”

What is directory information?

Information that would not generally be considered harmful or a violation of privacy if disclosed. Within certain parameters, it is defined by the institution and so can vary among institutions. Students are allowed to opt out of disclosure of directory information. For example, photos may be defined as directory information, but an institution is not required to define photos as such.

What rights are granted to students under FERPA?

Students have the right to inspect and review their education records, request amendments if they believe records are inaccurate, and control the disclosure of their records. Schools must notify students of these rights annually.

How can a student request a correction to their education record?

The contents of a student's educational records may be challenged by the student on the grounds that they are inaccurate, misleading, or otherwise in violation of the privacy rights of the student by submitting a written statement to the custodian of records. The vice president and chief financial officer is the official custodian of records at the University.

What are common FERPA issues for faculty/staff?

• Attaching FERPA-protected information to an email directed toward the incorrect student.
• Using Outlook’s auto-suggest/correct feature can result in sending FERPA-protected information to unintended people.

What is the remediation measure for the issues described above?

If a faculty or staff member has inadvertently attached FERPA-protected information that was intended for another student, that person should email the unintended recipient and ask that they delete the message, delete the message from their deleted items folder, and then confirm that the unintended recipient has certified that they completed those tasks.

Can a student take an online course anonymously if they've opted out of directory information?

No, under FERPA, a student cannot use their right to opt out of directory information disclosures to prevent school officials from identifying them by name or disclosing their electronic identifier or institutional email address in class.

Are law enforcement records considered “education records” under FERPA?

Law enforcement records—records created by the law enforcement unit for a law enforcement purpose and maintained by the unit—are not "education records" subject to FERPA's protections. But "education records," shared with law enforcement do not lose their protected status simply because they are shared with law enforcement.

What is HIPAA?

The Health Insurance Portability and Accountability Act. For our purposes, it established national standards for safeguarding patients' protected health information (PHI) and ensures the confidentiality, integrity, and availability of PHI created, maintained, processed, transmitted, or received electronically (ePHI). The HIPAA Privacy Rule covers all health information and the HIPAA Security Rule addresses electronic health information.

What are the privacy policies for UT Austin’s campus Wi-Fi usage?

When you're using UT's network you are subject to all of UT's acceptable use policies. 

What measures are in place to protect against data breaches?

The University has policies and procedures in place in case of a data breach or some other incident that places information held by the University in jeopardy. Any individual who believes a data breach has occurred must immediately notify the Chief Information Security Officer, who will investigate the alleged breach and, if necessary, consult with the University’s Data Breach Response Planning Group and the affected department to remediate the breach, including providing any required notices.

• ISO Incident Management Procedures
• Personally Identifiable Data Breach Notification Plan

In certain circumstances, the University may be required to provide notice to affected individuals or certain governing authorities if a data breach results in disclosure of personal data.

How are privacy concerns handled for research participants?

UT Austin follows best practices to assure that data is securely handled and that research data is deidentified as needed.

What is the contact information for the Privacy Office?

Privacy Officer:  Jeffery L. Graves
Deputy Privacy Officer:  Arnold Jin

privacy@austin.utexas.edu or compliance@austin.utexas.edu
https://compliance.utexas.edu/privacy

Privacy Officer
University Risk and Compliance Services
1616 Guadalupe
UTA 2.206
Austin, TX 78701-1204
Phone: 512.232.7055
Fax: 512.232.3722

What services does the Privacy Office provide?

We offer consulting and services on a number of different areas, which include but are not limited to:

• Policy analysis
• Training and awareness
• Data use agreements review
• Advocacy
• Research
• Governance
• FERPA/IRB review