Data Request Policy

Requests for Data From the Student Information System

Note to Students:  
The Registrar’s Office does not accept data requests from individual students or student groups.  The requests must be authorized and originate from a University faculty or staff member.

 

At the University of Massachusetts Amherst, the following information is defined as directory information: student's name, Hometown, Dates of Attendance, Major, School/College, Acknowledgement of participation in officially-recognized University activities and sports, Weight and height of members of athletic teams,Degrees, certificates and awards, Most recent previous educational institution or agency attended. The University can release some or all of that information, unless a student specifically requests suppression of the data. All other data about students are classified as educational records, and access to educational records, without specific written consent from the student, is much more restricted, per federal and state law and University policy.

The Registrar's Office frequently receives requests for electronic or printed reports of student demographic and/or academic information. The Registrar is charged with approving or denying these requests, to ensure compliance with applicable policy and law and to ensure good custody of educational records.

Shared Responsibilities
Defining and developing a data request is a joint responsibility which does not end with the receipt of the report, list, labels, etc. The following information should clarify the responsibilities of both the data provider and the data receiver.

The Registrar's Office is responsible for:

  • accepting and acting on requests for data, in accordance with applicable policy and in consultation with the Directory Information Policy Committee
  • ensuring that its custodial responsibilities for the data are observed by the requesting office, if the request is approved
  • advising the requesting office about the nature of the data being provided
  • developing the report, list, etc., if approved
  • developing an appropriate set of controls for timing and executing the requests
  • monitoring the accuracy of the data
  • suspending further data delivery, should it be used for any unauthorized purpose, not be kept secure, or not be well-maintained by the requesting office

The Requesting Office is responsible for:

  • maintaining the integrity and security of the data in their local environment
  • examining all data from the Registrar's Office to ensure its accuracy prior to using it
  • providing its own local production environment - including backup, error correction, etc.
  • providing accurately described and carefully analyzed answers to questions about any and all requirements
  • providing input to the Registrar's Office as to the effectiveness and quality of both the data and its delivery
  • using the data only for the purposes approved by the Registrar's Office or Directory Information Policy committee
  • informing the Registrar's Office should data needs change (e.g., new information needed, data needed on a different schedule, a change in or extension of the purposes to which the data will be applied)