Data Collection

Can I Collect Personal Data Online or Distribute it on my Website?

It depends on what kind of data you are referring to. Augusta University Web Services reserves the right to deny requests to assist departments with certain online data collection, such as the creation and/or distribution of third-party survey forms (i.e. Wufoo). While some data is perfectly fine to collect using such forms, other data should not be collected and stored in this way.

Most data collection methods (email, Wufoo, etc.) are not secure and cannot be used to collect information that should remain secure. If collecting data through Wufoo is deemed appropriate, Web Services may require a password to view survey data.

Examples of Protected Data

The following are some prominent examples of data protected by state and federal law and university policy. Often, context plays a role in data sensitivity; thus, this list is not exhaustive:

  • Personal and financial data, including:
    • Social Security number
    • Credit card number or banking information
    • Passport number
    • Foreign visa number
    • Tax information
    • Credit reports
    • Any information that can be used to facilitate identity theft (such as mother's maiden name)
  • Federally protected data, including:
    • FERPA-protected information (e.g., student information and grades)
    • HIPAA-protected information (e.g., health, medical, or psychological information)
  • State protected data


The Family Education Rights and Privacy Act was enacted in 1974. FERPA protects the privacy of student education records. All educational institutions that receive federal funding, including Augusta University, must comply with FERPA.

How does FERPA apply to collecting/storing student data?

Generally, a student's records cannot be shared without specific written consent by the student. These records include grades, class lists, course schedules, disciplinary records, and financial records.

A 2008 update to FERPA clarified that schools use "reasonable methods" to ensure school officials have access to only those records they need.

FERPA does allow "directory information" to be collected and contained because it's not generally considered harmful or an invasion of privacy if disclosed. Examples of directory information include:

  • Student's name
  • Phone number(s)
  • Address(es)
  • Email address(es)
  • Degrees and awards received
  • Most recent educational institution attended
  • Augusta University photograph
  • Major fields of study
  • Participation in organized sports/activities
  • Dates of Augusta University attendance
  • Height/weight of athletic team members
  • Thesis/Dissertation title and faculty mentor
  • Employment title and contact information

Under the Georgia Open Records Act, Augusta University is required to release this type of information as requested.

Learn More About FERPA

Stop and Think

If you are handling or collecting critical information, such as Social Security numbers, financial information, driver's license numbers, or other sensitive personal data, determine if this information is really necessary.

  • If you do not absolutely need the information to transact business, get rid of it! If you received that data from another source, tell them not to provide it to you anymore.
  • If you do absolutely need it for the transaction, ensure you are handling it securely.
  • Double check email addresses, fax numbers, telephone numbers before transmitting the data.