Personally Identifiable Information

Kennesaw State University (KSU) is committed to protecting the privacy and security of personally identifiable information (PII) about students, employees, and other individuals. PII includes any data that can identify a person directly (such as name, ID, or email address) or indirectly (through combinations of de-identified data). Access to PII must be limited to those with a legitimate, job-related need and handled in accordance with federal, state, and institutional policies, including FERPA.

Requests for PII must support the University’s mission and will be reviewed on a case-by-case basis by the appropriate Data Steward. Approved purposes typically include:

• Required reporting to the University System of Georgia (USG), federal, state agencies, or accreditation agencies
• Compliance with laws, regulations, subpoenas, or court orders
• Research or institutional improvement activities authorized by University leadership
• Legitimate operational needs for employees performing official job duties

All disclosures must be narrowly tailored to the stated purpose. Requests unrelated to KSU’s mission require prior written approval from the President or designee and may be subject to formal legal processes (e.g., Georgia Open Records Act). Unauthorized access, sharing, or use of PII beyond one’s job responsibilities is strictly prohibited.

Approved November 2025.