Data Security Policies

All KSU faculty, staff, and students utilizing university technology resources ( - scroll to bottom of page) must comply with KSU’s Data Security Policy, an essential component in meeting compliance with federal, state and the 

KSU's Data Security Policy was created to protect sensitive university data such as personal data of students and employees as well as data related to research projects, including the personal data of research participants. It is the individual’s responsibility that data stored using the available resourcers adhere to the policy and legal requirements.  on data management tools training and step-by-step documentation, resources provided by UITS.

Please review the topics related to data security and storage as outlined below.

A grad student typing on a laptop keyboard. A glowing padlock symbol is superimposed over the keyboard, with other security-related icons and lines of code visible in the background.

Use of Student Data

A white padlock symbol on a black background with computer code in the background.
  • Research projects proposing the use of information obtained from student records (e.g., KSU email addresses, GPAs, test scores, grades, credit hours) should follow KSU policies and FERPA regulations, which govern the disclosure of student record information.

    The Family Educational Rights and Privacy Act of 1974 (FERPA), is a federal law that sets forth requirements regarding the . Student records are considered confidential and information therein should not be disclosed without written student consent unless the disclosure meets one of the FERPA exceptions.

    Research projects proposing the use of information obtained from student records (e.g., KSU email addresses, GPAs, test scores, grades, credit hours) should follow KSU policies and FERPA regulations, which govern the disclosure of student record information. Please see here for 

    Personal identifiable information such as Social Security numbers/KSU student ID numbers and 
    KSU student email addresses are protected and cannot be accessed for research purposes. 

    The following examples of student record information that might be used in research projects cannot be disclosed to the research team without prior consent of the students:  

    • Grades, Credits hours (attempted or earned)
    • Grade Point Averages
    • Email Addresses
    • Enrollment status (part/full time)
    • Residency Status
    • Tuition and Fee Payment Records
    • Financial Aid Records
    • Marital status
    • Race
    • Gender
    • Citizenship
    • Parent’s Name and Address
    • Current Class Schedule
    • Disciplinary Actions
    • Academic Actions

    Appropriate consent from KSU student research subjects needs to be obtained via the . Consent must be obtained with a signature, which can be on paper or via an authenticated process such as DocuSign. Once the student research subjects grant the PI access via the FERPA Consent to Disclosure, the PI can submit the list of consented students to Institutional Research with their request for data release. A fully electronic process is currently under development. Please note that this form does not replace the regular informed consent for your study.

    View our current policies regarding KSU student records, which are maintained by the . 

Research Data Security Training

A logo with the words "Owl Train" in white, superimposed over a keyboard with glowing blue keys.

 

Five-minute video available on OwlTrain outlining state and federal laws on the secure management of data and best practices to secure control of data during all phases of research.

 

KSU Data Storage Matrix

A close-up photo of reports with a pie chart, bar graphs, and a yellow pen resting on it. The pie chart has multiple segments of different colors, each labeled with a percentage and a small flag. The bar graphs are also colored and have numerical labels.

 

The matrix compares the data storage tools - OneDrive, SharePoint, and Shared Network Drives (I, M) - available at KSU with the types of data that can be safely stored in each. 

PLEASE NOTE: Other methods of storage include encrypted flash drives, encrypted hard drives, or locked file cabinets located in locked offices.

Learn More

 

General Data Protection Regulation

The official logo of the General Data Protection Regulation (GDPR), featuring a blue background with a circle of 12 yellow stars surrounding a white globe centered on Europe. The acronym "GDPR" is written vertically in white, with each letter separated by a horizontal line.

 

The European Union General Data Protection Regulation (“EU GDPR”) is a new and more stringent regulation governing the use of personal data. This law, which took effect on May 25, 2018, was developed by the European Union to help maintain the privacy and security of any EU resident’s personal information.

The EU GDPR applies to any organization which handles the personal information of any resident in the European Union (EU), regardless of where in the world that organization is located.

EU General Data Protection Regulation


More specific information, including FAQs, can be found on this , dedicated to inform the KSU community on how to interpret and achieve compliance.