Handling Sensitive Data Overview

Occasionally we get the question "What is sensitive data and how should I handle it?"

We follow the guidelines laid out in The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) which is Federal law that protects the privacy of student education records. UNC’s Office of the Registrar has information on FERPA and student privacy and the Universities compliance with FERPA requirements available at: https://www.unco.edu/registrar/ferpa.aspx. FERPA training is available for UNC Faculty and Staff who have access to Banner through our Learning Management System (Canvas.unco.edu) using your URSA account. This course is named: Family Education Rights and Privacy Act (FERPA) 2019.

The University of Northern Colorado is legally and ethically obligated to protect the confidentially of student educational records.  We also recommend anypiece of information, which can potentially be used to uniquely identify, contact, or locate a person or can be used with other sources to uniquely identify a single individual, to be handled in a secure manner as well.

We also provide information on Sensitive Information Handling at our CyberSecurity page under the Faculty and Staff Resources - Sensitive Information.   and have created a course in Canvas named: Information and CyberSecurity Awareness which covers best data handling practices.

Handling Sensitive Data FAQs

  • When someone requests student data from me, what are UNC's general guidelines? 

    When you are asked for student data, the first thing you should ask yourself is - am I the right person to give out this information on behalf of the student? 

    1. If you do NOT have the authority to give out student information to the requesting party, refer the requester to your supervise or to the data steward for this information.
    2. If you DO have the authority to give our student information, ask yourself -  does the requestor need this student information for educational purposes related to his/her job?

    Whenever faculty/staff have a legitimate reason to share sensitive student data, they have an obligation to do so in a secure manner. 

  • What are secure ways to send sensitive student data? 


    When UNC moved email services to Microsoft Office 365, our email security posture improved to where delivery of messages to @unco.edu and @bears.unco.edu via the Desktop Outlook Client, Mobile device Outlook Client or Outlook.Office365.com (Formerly OWA.unco.edu) is secure and encryption of data in transit and at rest.

    Note: emails should NOT be forwarded to Non-UNC emails addresses (such as Yahoo, Gmail, Comcast, etc.) as we cannot verify secure delivery and encryption of data in transit and at rest.

    SharePoint Online

    When you are using SharePoint Online sites, you can securely share documents with UNC employees. Identify the file you want to be shared. Next to the file name is a “Send Link” icon with a arrow in motion pointing to the left. Click on this icon, type in the email address of the recipient and then send the link. 


    You can share files with either UNC employees or non-UNC agencies via OneDrive. Directions for Sharing Documents via OneDrive (you will be directed to sign-in). If you are sharing documents with non-UNC employees, access should be limited (including lock on forwarding, setting expirations, etc.). You can use the IRM (Information Rights Management) to restrict permissions to content in documents, spreadsheets, and presentations within Microsoft Office.

Data Decision Tree

Data Decision Tree

Click to Enlarge