Records privacy and retention policy
The First-Generation Student Center (FGSC) Records Privacy and Retention Policy outlines how our unit collects, uses, stores, and protects student and participant information across all FGSC programs.
The FGSC houses seven federally funded TRIO programs (four Upward Bound Programs, Upward Bound Math Science, TRIO Student Support Services, TRIO SSS STEM, and McNair) as well as an institutionally funded program (First in the Pack) and a privately funded initiative (Fostering the Pack). The FGSC mission is to is to help students who will be the first in their families to complete a bachelor’s degree and income-qualified students to overcome the academic and socioeconomic barriers to success in higher education. Each of these programs follows the University’s overarching privacy and information security policies in alignment with OIT and General Counsel guidance.
Student and participant records are collected and used by the FGSC to verify eligibility, track academic progress, deliver targeted services and interventions, and fulfill mandatory University and federal reporting requirements, including the Annual Performance Report to the U.S. Department of Education mandated for each TRIO grant program.
For the TRIO programs, there are additional federal privacy and documentation requirements outlined in the Code of Federal Regulations (34 CFR 645 and 646) and Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (2 CFR 200.334: Retention Requirements for Records). These programs require heightened protection of participant records, including eligibility verification, income documentation, and academic performance data. In accordance with federal mandates:
- Student applications and required eligibility documentation (e.g., proof of income, financial aid documents, citizenship/identification verification, and academic records/transcripts) are collected and securely maintained in OIT vetted and approved databases (Blumen and Submittable) and in locked physical files located in restricted areas accessible only to authorized administrative faculty.
- Electronic data are housed behind the University’s secure firewall and protected through two-factor authentication, managed by UNR OIT.
- After 10 years, physical records are digitized and stored permanently through the University’s OnBase system to ensure long-term security and compliance with TRIO and federal retention requirements. A simple alumni list (name, graduation cohort, phone number, and email if available) is also maintained in NevadaBox and solely used for alumni engagement purposes.
- All FGSC data use and access are governed by University policy, the Family Educational Rights and Privacy Act (FERPA) and U.S. Department of Education confidentiality standards for federal TRIO grantees.
All First-Generation Student Center staff receive onboarding training on the Federal Education Rights and Privacy Act (FERPA), 2 CFR 200.334: Retention Requirements for Records, and how to appropriately collect and store required documentation, and who has authority to access student record components and databases. In addition, all staff complete the annual OIT Cybersecurity training. These measures ensure we meet both federal regulatory assessment requirements and cybersecurity expectations.