Mapping Your Future: Protecting the personal information of your students


Protecting the personal information of your students

By Catherine Mueller

April 05, 2018

Email is probably one of the greatest communication inventions for business in recent times.

Email has certainly made it much faster and efficient to communicate with our colleagues all over the world. However, there are some drawbacks such as dealing with the overwhelming amount of email and all of the junk messages.

In addition to the annoyances, email can be a problem if students want to send you a document containing personally identifiable information (PII). This issue is among the frequently asked questions (FAQs) posted on the Federal Student Aid website for postsecondary institutions (PSIs).

    We recently heard in an FSA conference session that we can no longer accept faxed or emailed copies of taxes or tax transcripts. Is this the case? Are we permitted to accept such documents via a student's school email account?

    PSIs should never solicit personally identifiable information (PII) - especially sensitive personally identifiable information (SPII) - through means that are known to be insecure. PSIs should review their information requests and guidance to students and parents to ensure that instructions are clear about the explicit protection of data and how to transmit data securely transmittal. PSIs must have secure means to receive inbound PII and SPII from students and parents. Secure means could include an appropriately safeguarded fax, a secure web portal to upload data and documents, student email accounts that encrypt communications to at least an AES-256-bit level, or separately encrypted attachments that are password protected (with the password provided in a separate email). PSIs must remediate all data breaches. A data breach could be created if a student or parent sends PII or SPII via unsecure means, which would allow PII or SPII to be accessible by individuals who do not have a need to know. PSIs must remediate this type of data breach immediately each time it occurs. However, at this time, this type of data breach does not need to be reported as an institutional data breach to FSA.

The FAQs do provide information about how students and parents can encrypt documents. However, an easier and faster way to get document is to use a secure upload process.

Mapping Your Future offers MappingXpress, an easy-to-implement process and secure document transfer process. For more information, contact Beth Ziehmer at or 1-800-374-4072.