LS ISMP Guide: For Instructors, TAs, Readers, and Student Services

This is a role-based guide to the Letters and Science Information Security Management Program.

This guide is relevant to instructors, TAs, Readers, Student Services staff (including advisors) and other employees who interact with students in an instructional or advising capacity.

  • In this role, you regularly work with student data which requires special handling.
    • Most individually identifiable data about UC Davis undergraduate and graduate students is protected under federal law (FERPA) and is therefore classified at Protection Level 3 (P3).
      • This includes student grades, graded assignments, and communications about instructional matters between students and instructors, TAs, Readers, and student services staff.
    • Some data about students, including information about financial aid and student health information (including student accommodations), is classified at Protection Level 4 (P4).
      • Large collections of 500 or more individually identifiable student education records are also classified as P4. Examples include large troves of graded assignments, collections of old course rosters, historical grade information, etc.
  • Data classified at P3 or P4 should only be stored, processed, or accessed on or via university owned and managed devices.
    • We recognize this presents a conundrum for many TAs, Readers, and Lecturers, who are typically not issued university owned computers and therefore use personally owned computers for their instructional duties.
      • Our guidance in these cases is to keep student information within the official university systems, such as Canvas, rather than downloading it to your personal device.
      • For example, rather than downloading student assignments to your computer to grade them, have students submit assignments via Canvas, and only access/grade the assignments via your browser.
      • For example, maintain course grades in the Canvas gradebook application rather than storing grades in an Excel spreadsheet on your personally owned computer.
      • If using a personally owned computer, smartphone, or tablet for your instructional or student support duties, ensure that it meets the UC minimum security standards.
  • All emails and other electronic communications regarding instruction and advising between students and instructors/TAs/Readers/advisors must stay within university managed systems.
    • Do not provide students with your personal email address or phone number to contact you; instead, use only your official @ucdavis.edu email address.
    • Do not forward your UC Davis email to a personal email account.
    • Use the communication tools within Canvas, OASIS, and other official university systems of record for communications with students.
  • The university has both legal and ethical mandates to ensure that educational content is accessible to people with disabilities, and there is a significant liability to the university from failure to comply with the legal mandates.
    • Host educational materials only on university provided platforms designed for this purpose, such as Canvas, Aggie Video, Box, etc.
      • Do not post required course materials on personal websites.
    • Ensure that ed tech tools you use in instructional settings have been vetted for security (Vendor Risk Assessment) and accessibility.
      • In particular, tools that require students to sign up with an email address or otherwise create an account MUST go through the Vendor Risk Assessment process PRIOR to being used.

Do you have questions or feedback on this guide? Please contact lsuisl@ucdavis.edu.