Re: FERPA Notice of Unauthorized Disclosure of Education Record

If you have directly received a notice from Naropa University regarding this data dissemination, your education record was identified as being directly impacted by the following event. 

  • A notation has been placed within the affected students’ education record pursuant to requirements of the Family Educational Rights and Privacy Act of 1974 (“FERPA”).
  • On November 8, 2017, a University employee inadvertently sent information relating to certain students to the University-issued email accounts of a group of current students.
  • The types of student information that were impacted as a result of the incident include the following: student name, student ID number, Admit date and year, Admit catalog, Program code, Academic status code, current Classification, any Major, Minor or Concentration codes, Advisor name, Registration Session and Year, Session Registration Status, Registered hours, Cumulative Attempted and Earned hours, Cumulative GPA, Work Course Codes and Final grades (specifically COR150 and/or COR220), Email address, Phone number, whether the student is/was classified as a LEAP, first-time/ first-year, or first generation student.

Please note that the above information is a comprehensive list and for most student affected, only a limited version of the above was released.

  • The University immediately responded by working with its email hosting vendor (Google) to ensure that the inadvertently transmitted information was permanently removed from the email accounts of all unintended recipients of the information. The University also reviewed available evidence and found no indication that any unintended recipient of the information forwarded the information to another email address within or outside of the University’s email domain. However, if any student has saved or otherwise still is in possession of this email message or its contents, you are asked to immediately delete all copies. 
  • The majority of this disseminated information is considered to be Directory Information. This is defined as, information that is considered to not be harmful if released. This data may be disclosed without prior written consent (unless notified in writing to the contrary), due to its Directory Information status, but institutionally, Naropa makes a practice of not releasing Directory information. Naropa University’s Directory information includes: student name, address, student email, telephone number, photograph, date and place of birth, major field of study, dates of attendance, degrees and awards received, and most recent previous school attended.
  • Naropa University takes the privacy and security of student information within its care very seriously. Should you have any questions or concerns, or information to provide the University regarding this incident, please contact us at