Re: FERPA Notice of Unauthorized Disclosure of Education Record

september 2018

If you have directly received a notice from Naropa University regarding this data dissemination, your education record was identified as being directly impacted by the following event.

  • A notation has been placed within the affected students’ education record pursuant to requirements of the Family Educational Rights and Privacy Act of 1974 (“FERPA”).
  • On September 13, 2018 a Naropa employee inadvertently sent class list information to a group of current students’ Naropa University-issued email accounts. The class list and recipients of the information consist of the same group.
  • The student information that was impacted as a result of the incident includes the following: student name, student ID number, Classification, Major, Course Registration Status, Email address, FERPA Restrict (Y/N).

Please note that the above information is a comprehensive list and for most student affected, only a limited version of the above was released.

  • Naropa immediately responded to ensure that the inadvertently transmitted information was permanently removed from the email accounts of all unintended recipients of the information. Naropa also reviewed available evidence and found no indication that any unintended recipient of the information forwarded the information to another email address within or outside of Naropa’s email domain.
  • The majority of this disseminated information is considered to be Directory Information. This is defined as, information that is considered to not be harmful if released. This data may be disclosed without prior written consent (unless notified in writing to the contrary), due to its Directory Information status, but institutionally, Naropa makes a practice of not releasing Directory information. Naropa University’s Directory information includes: student name, address, student email, telephone number, photograph, date and place of birth, major field of study, dates of attendance, degrees and awards received, and most recent previous school attended.
  • Naropa University takes the privacy and security of student information within its care very seriously. Should you have any questions or concerns, or information to provide the University regarding this incident, please contact us at StudentData@naropa.edu.
november 2017

If you have directly received a notice from Naropa University regarding this data dissemination, your education record was identified as being directly impacted by the following event. 

  • A notation has been placed within the affected students’ education record pursuant to requirements of the Family Educational Rights and Privacy Act of 1974 (“FERPA”).
  • On November 8, 2017, a University employee inadvertently sent information relating to certain students to the University-issued email accounts of a group of current students.
  • The types of student information that were impacted as a result of the incident include the following: student name, student ID number, Admit date and year, Admit catalog, Program code, Academic status code, current Classification, any Major, Minor or Concentration codes, Advisor name, Registration Session and Year, Session Registration Status, Registered hours, Cumulative Attempted and Earned hours, Cumulative GPA, Work Course Codes and Final grades (specifically COR150 and/or COR220), Email address, Phone number, whether the student is/was classified as a LEAP, first-time/ first-year, or first generation student.

Please note that the above information is a comprehensive list and for most student affected, only a limited version of the above was released.

  • The University immediately responded by working with its email hosting vendor (Google) to ensure that the inadvertently transmitted information was permanently removed from the email accounts of all unintended recipients of the information. The University also reviewed available evidence and found no indication that any unintended recipient of the information forwarded the information to another email address within or outside of the University’s email domain. However, if any student has saved or otherwise still is in possession of this email message or its contents, you are asked to immediately delete all copies. 
  • The majority of this disseminated information is considered to be Directory Information. This is defined as, information that is considered to not be harmful if released. This data may be disclosed without prior written consent (unless notified in writing to the contrary), due to its Directory Information status, but institutionally, Naropa makes a practice of not releasing Directory information. Naropa University’s Directory information includes: student name, address, student email, telephone number, photograph, date and place of birth, major field of study, dates of attendance, degrees and awards received, and most recent previous school attended.
  • Naropa University takes the privacy and security of student information within its care very seriously. Should you have any questions or concerns, or information to provide the University regarding this incident, please contact us at StudentData@naropa.edu.