Section 2: Best Practices with Student Data

Agents should take every precaution to protect student information. Springboard contractors will abide by the following data protection practices:  

FERPA Check

• When talking with a student on a phone call or as part of an appointment, you must perform a FERPA check to ensure the individual you are speaking with is indeed the student. This only applies to live voice conversations with students.

• A FERPA check includes asking three identifying questions such as phone, email, ID#, etc.   

  • Ex: “Hi, this is _____ , and I am a Agent with BYU-Pathway Worldwide.  Am I talking to ____? And to make sure I have the right information; can you answer a few questions for me?”  

    • What is your email address?  

    • What is your middle name?  

    • What is your date of birth?  

    • What is your primary phone number?  

    • What is your mailing address?  

    • What is your ID number?  

Agents should not share any information with a student’s parents or other family members. 

Agents should only use student information for work-related needs. 

Password Protection  

• Leave student information in provided resources. Do not save student information elsewhere, such as on your PC, laptop, or hard drive.

• Keep your passwords and login information confidential by not sharing them with others, not writing them down where they can be seen or easily found, and not storing them in an unencrypted computer file.

• Immediately change passwords if they may have been exposed.

• Password lock your computer or phone when you are away from your work area. 

• Only access student information on a private, password protected network. Do not access student information on a shared network.

Discarding or Sharing Information

• Do not send student information over email or on a group chat.

• Avoid printing files that contain student information. Avoid writing down student information in notebooks or other locations.

• ​​​​​​​Do not screenshare any program or system that contains student data when on calls. However, students can screenshare their Student Portal or programs containing their personal data with you. 

Privacy and Security

• Shut your computer down when leaving for an extended period, such as overnight.

• Consider where e-mail attachments came from before opening them, since they are a potential source of viruses and other malicious software .

• Have a private workspace and use a headset or headphones to protect a student’s private conversations being overheard by others.

• Report a perceived security breach or suspicious activities on any system to your upline as quickly as possible.

Protecting Student Privacy and Data While Using Group Communication Methods

• In your role, you should not start WhatsApp group messages or Facebook groups without student consent. Regulations require that student information not be shared with other students without individual student consent.

• If you would like to invite students to join a WhatsApp group, you should first send students a group link individually. See this link for more information: How to Create and Invite into a Group on WhatsApp   

• If you would like to invite students to join a Facebook group, you should receive permission from students individually before adding a student to a Facebook group. See this link for more information: How to Invite Students to a Facebook Group 

• Group emails should be avoided, even when using the bcc field.