FERPA / Confidentiality

In order to comply with federal regulations, the University of North Carolina Asheville has adopted institutional policies and procedures to be followed with regard to disclosure of information from the education records of current and former students. The student record policy of UNC Asheville conforms to the Family Educational Rights and Privacy Act (FERPA) of 1974 (Public Law 93-380). Education records are in the custody of the Registrar. A student’s UNC Asheville academic transcript is permanently maintained. Other documents are retained pursuant to administrative policies.

Copies of the student’s official UNC Asheville transcript are released only on the written request of the student, and only after all obligations to the university, financial and otherwise, have been fulfilled. Transcripts received from other schools are the property of the university and are not copied or released.

The university does not permit access to or the release of education records without the written consent of the student except when required.

Please note: Information can be released without a student’s consent when required by law. Students should review the Release of Student Directory Information below to understand what is considered directory information as defined at UNC Asheville. Students not wanting their directory information released may file a Directory Restriction form in the Academic Success Center. The Directory Restriction form restricts all information on a student. For example, the university, if contacted, cannot acknowledge whether or not a student is enrolled, nor can it include the student in Dean’s List notifications or on graduation lists. Students may revoke the restriction at any time by submitting a written request to the Office of the Registrar.

Release of Student Directory Information

I. Directory Information

Directory information is information not generally considered harmful or an invasion of privacy if disclosed. Unless a student requests in writing to the contrary, federal law permits the University to release directory information to the public without the student’s consent. The following is considered to be directory information at UNC Asheville.

  • Name (including preferred first name)
  • Major field of study
  • Class (junior, senior, etc.)
  • Enrollment status (full-time, part-time, etc.)
  • Dates of attendance at UNC Asheville
  • Degrees and awards received (including Dean’s List and Chancellor’s List as well as scholarships)
  • Participation in select activities and sports
  • Height, hometown and high school of members of athletic teams

Photographs, videos, or other media containing a student’s image or likeness (collectively, “student images”) and University-issued student email addresses are designated by UNC Asheville as “limited use directory information.” Use and disclosure of limited use directory information will be restricted to: (1) publication in official University publications or on social media sites or websites hosted or maintained by, on behalf of, or for the benefit of the University, including the University’s online directory and internal email system; (2) University officials who have access, consistent with FERPA, to such information and only in conjunction with a legitimate educational interest; and (3) external parties contractually affiliated with the University, provided such affiliation requires the sharing of limited use directory information.

II. Non-directory Information:

The university does not permit access to, or the release of education records, without proper authorization of the student with the following exceptions:

  • to UNC Asheville officials, including faculty, who require such records in the proper performance of their duties;
  • in connection with the student’s application for or receipt of financial aid or Veterans Administration benefits;
  • to organizations conducting studies for educational and governmental agencies (in which case individual students are neither identified nor identifiable);
  • to U.S. government agencies as listed in Public Law 93-380;
  • to parents of a dependent student as defined in the Internal Revenue Code of 1954;
  • to accrediting agencies;
  • to comply with a judicial order or lawfully issued subpoena;
  • to appropriate persons in connection with an emergency if the knowledge of such information is necessary to protect the health or safety of a student or any other person; and
  • to other University of North Carolina system institutions if the student applies or is accepted for transfer to those institutions.

Education Records – Rights Under FERPA

See the Student Rights under FERPA and the Parent Rights Under FERPA sections of this website for more information. Students wanting to release non-directory information to parents or other specified individuals, referred to as proxies, may do so online through their OnePort account using their UNC Asheville log in credentials. Details on how to set up a proxy can be found on our Proxy Access webpage.

Protection of Student Records

The Office of the Registrar ensures the security of student records by:

  • Securing files in the Student Records Vault and limiting access to authorized personnel only
  • Restricting access to electronic student records information to those needing it to perform essential job functions
  • Locking spaces where records and student information are used and stored
  • Limiting the display of social security numbers to only those needing it to perform essential job functions
  • Limiting access to work spaces to authorized personnel
  • Requiring everyone, including student workers, to sign confidentiality agreements
  • Requiring students, and others as needed, to present a photo ID for identification purposes before releasing non-directory information
  • Utilizing screen protectors on computer monitors to keep unauthorized personnel from viewing student information during normal business hours
  • Utilizing password-protected workstations to keep unauthorized personnel from logging on to staff computers after hours

Other University offices and departments implement procedures as recommended or used by the Office of the Registrar to ensure security of student records campus-wide including:

  • Using password protected databases
  • Limiting access to passwords
  • Locking file cabinets and drawers with student records
  • Not releasing student information sent to a department on to other third parties (i.e. report spreadsheets requested and approved for a specific department’s use should not be released to others)
  • Locking offices where records are used and stored
  • Shredding appropriate documents as needed or required

Access to the student information database is restricted to individuals with a legitimate need to know or who must have access to student information in order to perform required job functions. A careful analysis is performed on all access requests by the appointed data manager. Administrative user access to the Banner Student database is restricted to the smallest number of users possible. Access is only granted after the request is reviewed and approved by the Registrar, the data manager for the Banner Student module. When needed, the Registrar works with departments and other administrators to clarify requests before a decision is made. If the access request is approved, IT Services creates an account for the user. Each year, a review by supervisors is required to reauthorize those employees who should maintain their access to Banner Student data. Employees granted access to student data must sign an agreement stating that they understand the statutes protecting the data and will uphold them.

For more information, see UNC Asheville’s Data Management Policy.