- Students, faculty and staff expect the University of Minnesota and its representatives to respect individual privacy whenever possible.
- As a public university, the University must comply with state and federal laws — and its own policies — governing what student and employee information is considered public and what is considered private. • Private student data can only be shared internally with University employees with a legitimate interest in the specific information based on their job responsibilities. Similarly, private employee information can only be shared internally with University employees whose work responsibilities require it.
- All faculty and staff are expected to refrain from contributing to rumors or spreading potential misinformation that damage reputations and disrupt workplaces/classrooms. Discussions regarding sensitive or private issues — particularly investigations or complaints — must be handled with the utmost professionalism and discretion.
- Rather than focusing on details of sensitive or private issues — information likely defined by law as private information — focus on reinforcing University values and providing support to students and colleagues.
Why can’t University representatives divulge information about many incidents or allegations?
The University, like other public higher education institutions, must follow several Minnesota state statutes and federal laws that detail what information about a student or employee (i.e., faculty and staff) is public or private. Some of the more common statutes you will see cited are M.S. 13.32 and FERPA, which govern student data, and M.S. 13.43, which governs certain employee and volunteer information.
The Minnesota Government Data Practices Act (M.S. Chapter 13) and other state and federal laws also classify other data as private or nonpublic. Failure to comply with these laws can subject the University to loss of federal funds and to civil lawsuits. Employees that willfully violate these laws are guilty of a misdemeanor and such violations can be just cause for suspension or dismissal. Additionally, the University has its own policies in place regarding public and private information. Please see examples of what is public, private and confidential data from the University Policy Library.
Here are some important questions the University must consider before providing information:
- Does the information concern an allegation or complaint against a prospective student, student, employee/volunteer, or job applicant (whether or not they are currently at the University)?
- If yes, the data is private data, with limited exceptions when an employee or student is found responsible for violating University policy at the completion of a full University review and discipline process.
- For employees, the existence and status of a complaint may be disclosed (e.g., a complaint was received and is pending), but the nature of the complaint cannot be disclosed in any way.
- Is data suppressed?
- Outside of directory data, all data related to a student is private data, but even directory data on students cannot be released in connection with allegations of wrongdoing.
- For data on employees/volunteers, is the information sought personnel data under M.S. 13.43? If so, is it classified as public personnel data?
- All personnel data is presumptively private personnel data unless expressly made public in one of the limited categories set forth in M.S. 13.43.
- If private data is sought to share internally at the University, does the employee seeking the information need the specific information at issue to perform their job duties?
- Examples of certain employees that may need information include certain EOAA staff, certain OGC staff, or certain University, college, or department leaders and communications staff. Applicable laws require these determinations be made on a case-by-case basis. The University cannot legally share information with employees that do not need the information to do their job.
- Did the incident take place off campus or is it subject to criminal proceedings?
- While the location of the incident may affect how the University can investigate based on jurisdictional restrictions, it has little effect on the University’s data privacy obligations. The same considerations for private data that are cited above apply in either case.
A student, faculty or staff member is asking me about an incident or allegation. What do I tell them?
It’s important to remember that incidents involving students or those involving alleged misconduct by a student or employee are complex. When speaking with others, here are some guidelines:
- Acknowledge the speaker’s questions or concerns.
- If applicable, share information the University has already shared publicly.
- Do not speculate or provide information that is protected, could be reasonably expected to be private, or is hearsay.
- Focus on reiterating the University’s and/or your department’s values, as well as providing support and resources. These can include mental health resources provided from the Office for Student Affairs or the Office of Human Resources, support from The Aurora Center, ways to contact EOAA, etc.
- Let the leadership in your college or unit — as well as your communications leader — know that questions are surfacing so they can determine whether broader communication within the necessary legal parameters is necessary.
What if it is an emergency situation and there is a need to communicate an incident?
There are limited exceptions that apply to circumstances when the health or safety of students or employees is under imminent threat of harm. These are circumstances where the first call should be to 9-1-1.
Should leadership in my college or unit communicate broadly about an incident or allegation to students, faculty and staff?
Depending on the incident, there may be a need or an opportunity to communicate formally with individuals within a specific college or unit. If this is something leadership is considering, and they have not already been in contact with University Relations, please reach out to the following individuals for guidance:
- Chuck Tombarge, Chief Public Relations Officer, email@example.com
- Jake Ricker, Public Relations Director, firstname.lastname@example.org
- Christie Wells, Internal Communications Director, email@example.com