This Non-Disclosure Agreement is intended to define the responsibilities of those employees who have access to NMSU records that contain sensitive or confidential information about students, employees, donors or other individuals, and to record his or her recognition and acceptance of that responsibility.
New Mexico State University maintains the confidentiality and security of records in compliance with the Family Educational Rights and Privacy Act of 1974 (FERPA), the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA), in addition to other federal and state laws. These laws pertain to the security and privacy of personal academic, medical and financial information, along with identifying information such as social security numbers.
FERPA protects student records. FERPA requires post-secondary educational institutions and agencies to conform to fair information practices in their handling of student data. Among the provisions of the act are the requirements that data be used only for intended purposes and that those responsible for student data take reasonable precautions to prevent misuse of it. Examples include Social Security Numbers, grades, date of birth, etc.
HIPAA protects all medical records and other individually identifiable health information used or disclosed in any form, whether electronically, on paper or orally.
GLBA protects private, non-public, information of individuals. Private, non-public information consists of information such as name, Social Security Number, date and location of birth, gender, credit card numbers and driver's license numbers.
Within NMSU, employees are authorized access to University records only to the extent necessary to perform their official university duties, and are responsible for protecting such information against unauthorized access or disclosure.
Employee: Recognizing this responsibility, I agree to the following (please initial each line):
I will access university records only as required to perform my assigned duties.
I will not access student or employee information that is not necessary to carry out my job. This includes the records of my children, my spouse, significant other, parents, other relatives, friends and acquaintances.
I will store information under secure conditions and make every effort to ensure individuals’ privacy.
I will not divulge, copy, release, sell, loan, review, alter or destroy records except as properly authorized by the appropriate university official within the scope of applicable state or federal laws, record retention schedules and internal policies.
I will forward all requests for information via an open records request to the university’s General Counsel for guidance. I will not release information covered by these requests until instructed to by university’s General Counsel or my supervisor.
When I release student information, I will divulge only the information regarded as “directory” or public information, specifically the student’s name, address, telephone listing, date and place of birth, major field of study, classification, participation in any officially recognized activities and sports, weight or height of members of athletic teams, dates of attendance, degrees and award received, and most previous recent educational institution attended.
I will not release any information about a student who has requested a total suppression of information, nor will I release any optional directory information on an employee who has requested to have his/her directory information suppressed.
I will not release information about students, staff or employees that was requested on the basis of non-public information (for example - names of all international students, names of all students with a GPA of less than 2.0, etc.)
I have read the NMSU Non-Disclosure Agreement and agree to comply with its provisions. I understand that failure to comply may result in disciplinary action, including termination of employment.