Student Records, Privacy, and Information Security Program

At Southern States University, nothing is more important to us than the success of our students and website users, including the protection of their personal data. With students and users from all around the world, the University adheres to the following records, privacy, and information security regulations:

  • Family Education Rights and Privacy Act (FERPA),
  • Gramm-Leach-Bliley Act: Sections 501 and 505 (b) (2),
  • FTC regulations: 16 CFR 313.3 (n) and 16 CFR 314.1-5
  • US Code: 15 USC 6801 (b), 6805 (b) (2)
  • European Union’s General Data Protection Regulation (GDPR).

Southern States University has designed the information security program under the direction of the Director of Administration and in collaboration of the Office of the Registrar.  The Director of Administration is the officer responsible for oversight, revision, and maintenance of the University’s security program. The Office of the Register is responsible for collecting and maintaining official academic records for all applicants and students admitted to Southern States University and promotes student success beginning with the student’s application to the University and concluding with graduation from SSU.

Gramm-Leach-Bliley Act

In 1999, Congress enacted the Gramm‐Leach‐Bliley Act (Public Law 106‐102). This Act requires that lenders provide certain information to their customers regarding the collection and use of nonpublic personal information.  We disclose nonpublic information to third parties only as necessary to process financial information and as permitted by the Family Educational Rights and Privacy Act of 1974 (FERPA). We do not sell or otherwise make available any information about students, staff, faculty, or any other stakeholder of SSU to any third parties for marketing purposes.

SSU protects the security and confidentiality of personal information in accordance with the  Protection of Consumer Information Under the Gramm Leach Bliley Act. All physical access to any and all University sites and locations where nonpublic personal information (also referred to as Student Directory Information) is maintained, controlled, and monitored by authorized university personnel. Our computer systems offer a high degree of resistance to tampering and circumvention., thus limiting data access to approved staff and contract staff on a “need‐to‐know” basis, inclusive of individualized user control protocols which limit  individual users’ ability to access and/or alter records within the university’s information systems. All users of these systems are given a unique user ID with personal identifiers.

General Data Protection Regulation

The GDPR expands the privacy rights granted to European individuals and requires certain companies that process the personal data of European individuals to comply with a new set of regulations. In particular, the GDPR may apply to companies that process the personal data of European individuals and have a presence in the EU (e.g. offices or establishments) and to companies that do not have any presence in the EU but target the European market (e.g. by offering goods or services to the European market) or monitor the behavior of European individuals. SSU is here to help our students in our collective efforts to comply with the GDPR.

What is GDPR?

In 2016, the European Union (EU) approved a new privacy regulation called the General Data Protection Regulation is commonly known as the GDPR. It is a mandatory ruling that applies to all companies that collect the data and information of EU individuals and meet certain territorial requirements. The GDPR is designed to strengthen the security and protection of personal data in the EU, as well as provide businesses with a structured framework on how to collect, process, use, and share personal data. Under the GDPR, the concept of “personal data” is very broad, and covers almost any information relating to a specific individual.

This policy affects the legal rights and obligations of individuals, so please read it carefully. For questions regarding GDPR, contact

A copy of the full Student Records, Privacy, and Information Security Program can be downloaded here: (SSU Student Records, Privacy, Info Security Program).


Our Data Protection Officer can be contacted directly here:

Southern States University
Office of Information Technology, Information Security Office
1729 Fifth Avenue
San Diego, CA 92101