Security Policy for Users with Banner Access
The following rules apply to all university employees with Banner access:
- Individuals granted access to any Banner screens will be assigned a username and password. Passwords must be kept confidential and not shared or given to anyone, including supervisors, co-workers, student employees, or friends. It is the responsibility of each employee to keep his/her password confidential and change passwords whenever he/she feels someone else may have access it.
- Employees shall use their own username for all transactions. If access to additional forms is needed, requests should be made through your departmental supervisor to the data custodian of the module you need access to. Each employee given a username is held responsible for any data input or retrieved using that username.
- All employees of Eastern Washington University (administrative, academic, staff, and students) must abide by the policies governing the review and release of student education records. The Family Education Rights and Privacy Act (FERPA) of 1974 mandates that information in a student’s education record must be confidential and outlines the procedures for review, release, and access of such information.
Approval for access to the Student Information System (Banner) will be granted to those individuals who have been determined to have a legitimate educational interest in the data by the data custodian of the Student module. Individuals granted access to student data must understand and accept the responsibility of working with confidential student records.
A complete policy statement on the Eastern implementation of FERPA guidelines can be found in the Records & Registration Office. In part, the policy states that officials of the University may be given access to student education records on a “need-to-know” basis and that such access must be limited to job-related, legitimate educational interests. The information contained in a student’s education record shall not be released to a third party without the student's written consent. Such requests for information should be referred to the Records & Registration Office.
Examples of inappropriate use of student records are:
- Accessing and/or updating a student’s record without legitimate educational interest or for personal business.
- Releasing confidential (non-directory) information to another student, university employee, parent, or anyone not having legitimate educational interest without the student’s written consent.
- Leaving reports or computer screens containing confidential student information logged on or in view of others who do not have legitimate educational interest in the data.
- Giving your personal password to anyone for any reason.
- Discussing the information contained in the student record outside of the University or while on the job with individuals who do not have a legitimate educational interest in the information (need-to-know.)
Under no circumstances should an employee give confidential student information to any other student, employee, or persons who have not been authorized to receive such information by their departmental supervisor. Although directory information may be released without prior consent, any requests coming from anyone off campus should be referred to the Registrar or the Associate Vice President for Enrollment Management.
** Students may request that directory information concerning them be restricted. If this occurs, a flag denoting such a request will appear. No information may then be released without the student’s express written consent. A copy of this written consent must be on file in the Records & Registration Office.