Updated August 27, 2019
Public records at the University at Buffalo are governed and protected by federal, state and local regulations such as the Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), Freedom of Information Law and the Fair Credit Reporting Act. In addition to the statutory requirements, confidential records and regulated private data must be handled in accordance with the university’s privacy and information security policies.
The university complies fully with the New York State "Freedom of Information Law" (Article VI, Public Officers Law, as amended effective January 1, 1978), which was enacted to assure public accountability of state agencies while protecting individuals against unwarranted invasions of personal privacy. Records are made available through the campus Records Access Officer.
The university complies fully with the Family Educational Rights and Privacy Act of 1974 in its treatment of student educational records. The university's policy statement can be found in Article 7, Section II Family Educational Rights and Privacy Act, of the Student Conduct Rules, University Standards and Administrative Regulations. A copy of the Rules can be obtained from the Judicial Affairs and Student Advocacy, 252 Capen Hall, Buffalo, NY 14260.
FERPA was intended to protect the privacy of educational records, to establish the right of students to inspect and review their educational records and to provide guidelines for the correction or deletion of inaccurate or misleading data through informal and formal hearings.
While FERPA generally requires the university to ask for written consent before disclosing a student’s personally identifiable information, it also allows colleges and universities to take key steps to maintain campus safety.
The university will not release personally identifiable information on students who are the subject of an administrative process or criminal investigation. In an emergency, FERPA permits the university to disclose without student consent education records to protect the health or safety of students or other individuals.
FERPA permits the university to disclose information from education records to parents if a health or safety emergency involves their son or daughter. Schools may disclose education records to parents if:
Unless otherwise notified in writing, the university may publish directory and other information about students, including name, current address, telephone number, email address, major field of study, dates of attendance and degrees and awards received. The university may also release directory information to interested organizations.
The University at Buffalo is a sub-component of the State University of New York. For the purposes of HIPAA, SUNY is the covered entity. SUNY has designated itself a hybrid covered entity which means it is comprised of some functions that fall under HIPAA and other functions that do not.
The university is committed to full compliance with the Clery Act and the Campus SaVE Act, which mandate the reporting, collection, and disclosure of statistics concerning the occurrence of certain criminal offenses and timely notification of continuing criminal threats. These laws also require sexual assault awareness measures and mandatory notices to sexual assault victims.