Compliance and Ethics
Compliance and Ethics
Yes, Article 23 allows member states to make derogations in special circumstances based on specific criteria.
Please see below a video explaining more about GDPR which was created by the Wall Street Journal- WSJ.
Although the GDPR is not a law passed in the U.S., it may be applicable to various activities that The University of Southern Mississippi engages in relative to processing, storing or managing EU resident's personal data (i.e. those individuals residing in the EU at the time they access systems in which USM is processing/storing/managing their data).
Additionally, contracts that involve processing of data of individuals in the EU or EEA must contain certain protections. If you are in the process of negotiating a contract that involves the collection, storage or transmission of data collected from individuals who are in the EU or EEA, please contact gdprrequestsFREEMississippi and provide a copy of the proposed contract along with your contact information as well as the timeline for finalizing the contract Do not enter into a contract until the contract has been reviewed for GDPR provisions as a data processing agreement is needed that contain certain provisions between the data processor (a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller) and the data controller (A controller determines the purposes and means of processing personal data).
European Union (EU) and European Economic Area (EEA)
European Union Countries include:
Republic of Cyprus
EEA (European Economic Area) countries include: Iceland, Lichtenstein and Norway.
GDPR rights only apply to those individuals located in the EU or EEA at the time their personal data is processed.
Any request to exercise rights under the GDPR will require that the individual provide documentation:
verifying their identity, and
verifying they were in the EU or EEA at the time their personal data was processed.
If an individual is requesting rectification/correction of a record, information must be submitted as to where the error lies thereby justifying rectification.
NOTE: Request by domestic students cannot be honored as the law is only applicable
to those individuals who can verify through time-stamped documentation that they were
in the EU at the time their personal data was processed.
Within the scope of the GDPR is storage or use of personal data for those actions or activities that:
occur in the EU;
involve reaching out to EU residents to initiate an offer for goods or services; or
record EU resident's activity online or relate to the control or processing of data relative to EU residents (i.e. individuals residing in the EU at the time that the University processes their personal data).
The GDPR takes a wide view of what constitutes "personal data", which includes each of the following:
Basic identity information such as:
as well as web data such as:
cookie data and
The GDPR also defines what constitutes special category data, which requires that added protections be implemented to protect the data from disclosure:
trade union membership;
biometrics (where used for ID purposes);
sex life; or
If you are in the EU (Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK) at the time you access our systems, you may be able to assert certain rights relative to any of the personal data we are processing, but you will have to show proof of your identity as well as of your EU residency to assert any of the rights listed below.
Right to be Informed
Right to Access
Right to Rectify
Right to Erase/to be Forgotten
Right to Restrict Processing
Right to Data Portability
Right to Object
Rights in relation to automated decision-making and profiling
Right of Access
A data subject can obtain the following information:
confirmation that their personal information is being processed;
a copy of the information;
supplementary information regarding processing that details each of the following:
purpose of processing categories of personal data concerned recipients or categories of recipients that have obtained the data subject's personal data or to who will have said data disclosed to them
if possible, the length of time that data will be stored (i.e. data retention period), or the criteria used to determine the data retention period a list of any sources who provided personal data directly regarding the data subject.
Right to Rectification
A data subject can request that any inaccurate or incomplete personal data be corrected or that a supplemental statement is added.
The University may determine that rectification is not warranted and will provide the data subject with an explanation as well as informing the data subject that they can complain to the Information Commissioner's Office to request a judicial remedy.
If the University determines that rectification is warranted, we will contact each recipient who has obtained the data from us and advise them of the need for correction unless doing so results in disproportionate effort.
Right to Erasure-Individual Rights
Individuals can exercise their right to be forgotten/erasure in the following situations:
if personal data held is no longer necessary relative to the purposes for which it
was collected or processed;
if consent is withdrawn and consent is the only basis for processing;
if the individual objects to the processing of their data and no overriding legitimate ground for continued processing exist;
Where data has been processed unlawfully;
if personal data must be erased to meet a legal obligation.
Right to Restrict Processing
In the following situations, an individual can request to block or suppress the processing of their data:
if an individual contests the accuracy of the personal data, processing will be restricted
until the accuracy of said data has been verified;
if individual objects to the processing of their personal data (where processing was necessary to perform a public task or based on a legitimate interest, processing of data will stop for the duration of the investigation aimed at determining if the legitimate grounds override the individual's objection;
if processing is unlawful, and the data subject requests restriction rather than erasure;
if the University no longer requires data but data subject requires to establish, exercise or defend a legal claim.
Right to Data Portability
An individual has the right to receive a copy of any personal data provided by him/her to the University in a structured, commonly used and machine-readable format (e.g. CSV).Categories. The following categories of data are subject to the right to portability:
If feasible from a technical standpoint, data will be transferred directly to another controller based on the data subject's request.
If the University cannot transfer the data to another controller directly, the data subject will need to arrange his/her own transfer.
Information will be provided free of charge in response to an initial request.
Right to Object
Individuals have the right to object to:
Upon receipt of a right to object request, processing must stop unless:
Research being conducted for the public interest is not subject to having an individual exercise their right to object and those conducting research of that nature are not required to comply with the request.
Right in Relation to Automated Decision Making and Profiling
Individuals have the right not to be subject to decision making based solely on automated processing, including profiling (i.e. use of personal data to make predictions about you). Decision-making conducted solely through automated means does not involve humans and instead is conducted using technological means using your personal data to base said decisions (e.g. use of an algorithm).
However, automated decision-making is allowed if there is no other way to achieve the same goal to enter or perform a contract or you have given consent to said decision-making.
A reasonable fee may be charged for repetitive requests, manifestly unfounded requests, excessive requests or further copies (Rec. 59; Art.12(5), 15(3), (4)), but payment may be required if multiple requests for the same data are submitted.
All rights listed below are available to individuals who can assert them under the GDPR based on being or having been a resident in an EU country who have had their data processed by USM while they were a resident of the EU. To process your request, we will need verification that you were an EU resident and of your identity.
The erasure of your information shall be subject to the retention periods of applicable federal law and the Record Retention Schedule applicable to University records- for additional information click the button below:
Destruction of records shall be conducted in manner appropriate to preserve the confidentiality
of information relative to the level of sensitivity, value and importance of said
data to The University.
If you have questions about records retention, please contact Lorraine A. Stuart, Head of Special Collections at Lorraine.StuartFREEMississippi (601.266.4117) or Records Management Specialist Jessica Clark at J.M.ClarkFREEMississippi (601.266.5776).
If the University made personal data public and is obligated to erase the data, The University may refuse the individual's exercise of their right of erasure:
Requests will be processed within thirty days of submission unless said requests are complex thereby warranting an additional two months for completion.
If a request is determined to be complex thereby requiring an additional two months for completion, the data subject will be notified.
We will answer your request or request additional information from you within 30 days. We may extend this process for up to two months, in which case we will notify you of the extension within a month.
The processing of this request is free of charge, but we reserve the right as allowed under GDPR Article 12(5), to charge an administrative fee under certain circumstances.
We may refuse to act, as allowed under GDPR Article 12(2) and 12(5) on requests if they are insufficiently substantiated, unfounded or excessive.
The information you provide (including verification of your identity and residency in the EU) will be processed solely for the purpose of verifying your identity and residency, identifying the information you are requesting.
Research is affected if it involves processing of personal data about individuals who are located in the EEA (regardless if they are citizens of the EEA):
Processing is defined in GDPR Article 4(2) as "any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction".
As defined by Article 4 of the GDPR, both the data controller and the processor are responsible for protection of personal data.
The data controller is responsible for ensuring that the data is handled in compliance with GDPR. According to Article 4, the data controller is "the natural or legal person, public authority, agency, or other body, which alone or jointly with others, determines the purpose and means of the processing of personal data"; and
The data processor makes sure that the data is processed in adherence with the conditions set forth in the Data Processing Agreement. By definition, the data processor is "a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the [data] controller".
Personal data (i.e. information that allows for the identification of an individual) and sensitive data (i.e. special set of data to be treated with additional security) are both covered by GDPR including, but not limited to the following examples:
Sensitive Personal Data
Note: The protections provided by GDPR expand beyond the immediate subjects to include third parties.
Typically, personal data is protected even if it was previously disclosed publicly because GDPR involves both privacy as well as how such data is used.
If data is anonymized, then GDPR does not apply as to the personal data. However, to be considered anonymous, a key cannot exist that will make it possible to identify individuals. Hence, HIPAA de-identification information is only considered pseudonymized because using the key to the data exists that allows the data to be re-identified.
Individuals located in the EEA. It does not matter if the individual is a EEA citizen or EEA resident.
If a citizen of the EEA is located outside of the EEA while participating in a research study, GDPR will not apply as long as none of the organizations involved in the study are in the EEA and the data is not transferred into the EEA.
Generally, children under the age of 16 cannot consent to have their data processed (including having their responses to research processed) unless such processing is authorized by an individual who is parentally responsible for the child consents.
NOTE: Member states can consider a child to be less than 16 but no younger than 13 years of age. (See Article 8 of the GDPR)
Although the General Data Protection Recital 27 indicates that GDPR does not apply to the personal data of deceased individuals, each EEA member state can issue rules relative to the processing of the personal data of deceased individuals. Some EEA member states have passed such regulations- see personal data of deceased persons.
If the data is fully anonymized before receipt and your team does not receive a key to reidentify, then GDPR does not apply.
However, if you receive pseudonymized or personal data that has not been anonymized, then GDPR will apply if any of the following are true:
the data was collected by an organization located in the EEA;
collected from individuals while they were located in the EEA; or
transferred out of the EEA
Yes, GDPR applies if the personal data is currently being processed even if it was collected before the effective date if the data was collected by an organization located in the EEA; collected from individuals located in the EEA; or transferred out of the EEA. It does not matter when the data was originally collected just that it falls under one of the three criteria for being subject to GDPR.
If you can exclude the collection, storage, etc. of personal data from the EEA without adversely affecting your study, then you can apply methods aimed at excluding the collection of such data such as:
Using a question to identify if the individual responding to your survey study is in the EEA. Then if the individual answers self-identifies themselves as being in the EEA, discontinuing the survey based on that criteria.
If you are conducting telephone surveys, always ask those who you call if they are in the EEA if you are calling them based on a phone number that is not a landline tied to a specific location.
If you are mailing surveys, do not mail out surveys to individuals in the EEA.
1) Collect and process only the minimal amount of personal data. Collecting minimal amounts of personal data limits risks to privacy and lessens the risk of noncompliance.
2) To the degree possible, avoid collecting sensitive information or special/sensitive personal data such as:
3) Avoiding collection of information about criminal offenses or convictions as those can only be collected and processed if the research is being conducted under the control of an official authority of an EEA country or if the processing is authorized by EEA or the laws of a member state.
4) If you cannot anonymize the data, pseudonymize it. Pseudonymization means that you can identify who provided the data using a key that is kept separate from the data set as well as being protected from both technical and administrative measures. Keep in mind that reversing pseudonymization without an authorization represents a personal breach of data if it places the data subject at risk.
Click on the button below to submit a GDPR request. Click to login using SOAR user name and password; and then click on service request.
In the event that there is a data breach involving covered personal data of students, employees, alumni, or vendors, the University will notify the appropriate supervisory authorities within 72 hours, where feasible, after becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of data subjects.
If the breach is likely to result in a high risk to their rights and freedoms, The University will also notify individual data subjects of a data breach regarding their personal data. The notification to data subjects will include the nature of the breach and recommended steps the data subject should take in order to mitigate potential adverse effects. Initial notification may be general in nature and as additional information is known a supplemental notice will be issued.
How does the University handle data transfers?
As needed, The University may transfer personal data outside of the EU and may also share personal data with third party organizations both within and outside of the EU. Where personal data is shared, The University will require that appropriate safeguards be implemented to protect the personal data. Safeguards include but are not limited to: requiring third parties to sign data security contracts (i.e. Data Protection Agreements (DPAs), and anonymizing data.
Access the full text of the GDPR-
Review the exact text of the regulation by clicking the button below
The GDPR provides the aforementioned rights only to those individuals who have been in the EU and can verify that they have been in the European Union (EU) or the European Economic Area (EEA) at the time their personal data was processed by the data controller (i.e. USM). Click here to view a list of the countries included in the EU and the EEA.
Any request to exercise rights under the GDPR will require that the individual provide documentation:
verifying their identity, and
NOTE: Request by domestic students cannot be honored as the law is only applicable to those individuals who can verify through time-stamped documentation that they were in the EU at the time their personal data was processed.
If you are able to meet the verification requirement, please be sure to read the entire Privacy Notice before moving forward with submitting a request to exercise rights under the GDPR. Information on how to submit a request to exercise rights under the section labeled Submit a GDPR Request near the bottom of this page.
The University of Southern Mississippi ("USM") is committed to protecting the privacy of personal data. In compliance with the General Data Protection Regulation (GDPR) effective as of May 2018, we are issuing this notice to outline how we collect, use and disclose personal and special category data provided by students, faculty, applicants, alumni, donors, research subjects and any and all other individuals disclosing personal and/or special category data, which is subject to the GDPR.
This notice addresses how USM processes your personal data if you are an individual with rights under the General Data Protection Regulation (GDPR).
Data controller is the person, company or other body that determines the purposes and means of personal data processing. For purposes of this notice, USM is the data controller.
Data Processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and harmonizes data privacy laws across Europe, to protect and empower all EU citizens with data privacy while also reshaping the way organizations across the region approach data privacy. For additional information about the GDPR see the EU Data Protection page.
Personal data is defined as any information relating to a person who can be directly or indirectly identified in particular by reference to specific data collected or provided by you. Examples include name, email address, IP address, online identifier, and identification number. Additional examples relate to an individual's physical, physiological, genetic, mental, cultural, economic or social identity.
Personal data breach is a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data.
Sensitive personal data otherwise known as special category personal data includes race, genetic data, ethnic origin, religious or philosophical beliefs, trade union membership, health data, genetic data or biometric data, sexual orientation, and criminal convictions.
For other pertinent definitions see Article 4 of the GDPR.
Data (both personal and sensitive in nature) is collected, processed, and may be shared/transferred both internally and externally (i.e. with third party vendors contracted to perform functions for USM who are subject to both confidentiality as well as safeguarding measures focused on preventing unauthorized disclosure) in order to satisfy contractual, statutory, or public interest purposes, including, but not limited to:
Responding to initial requests for information about the University
Recruiting, evaluating and managing those applying for or admitted to programs (in-person or online)
Registering and advising individuals
Designing and implementing education programs as well as services, activities or to provide reasonable accommodations
Facilitating participation in study abroad programs
Monitoring academic progress
Assessing and improving educational offerings using both general demographics as well as statistical research
Meeting state and federal reporting requirements and to comply with applicable laws
Enforcing University policies
Processing applications for employment
Processing financial aid requests including reporting to appropriate federal and state government agencies
Managing student accounts
Assisting with the completion of visa sponsorship for study, work or research at USM, as appropriate to comply with applicable immigration laws
Assigning or facilitating housing requests for those residing on campus while enrolled
Exercising scientific and historical research
Maintaining relationships with alumni or donors through notifications of services, donations, fundraising as well as other functions
Archiving purposes in the public interest
Data that has been de-aggregated or de-identified can be shared without any limits being placed on such disclosure.
De-identified and Aggregate Information: Once data has been de-identified or anonymized(per Recital 26 of the GDPR, data is anonymized when it can no longer be used to identify an individual/data subject) or aggregated (set forth in a summarizing manner that does not allow identification), we may disclose said data without limitation.
Under the GDPR, data can only be processed if it is being processed based on one of the basis listed below (i.e. legal basis) [see Information Commissioner's Office page on Lawful Basis for Processing]:
Those consenting for processing of their data must be 16 years old or older, as consent is only valid from those 16 or older) [see Article 8 of the GDPR].
Conditions Necessary for Valid Consent
Consent is only valid if it is freely given and not a condition of receiving a product or service unless the information being provided is required for the delivery of the product or service; and a mechanism for withdrawing consent must be provided that includes an active and unamibiguous opt-in approach without use of any automatically checked boxes indicating consent. For valid consent, the purpose and use for which consent is being sought must be clear and prominently present.
|To help the University learn more about you and your interests||Legitimate interests of the University - legitimate interest in learning the educational needs of potential students and program participants|
|To help you learn more about and/or apply for the University and its programs by giving you access to or sending you relevant information about university programs and events||Legitimate interests of the University - legitimate interest in making potential students and program participants aware of the University's offerings|
|To respond to requests for information about admission to the University or about participating in online courses or other programs at the University||Performance of a contract or to take steps at the Data Subject’s request prior to entering into a contract|
|To recruit, evaluate, and manage persons who apply to the University for admission, take courses at the University, participate in programs offered by the University, or attend the University, either in person or online, and to perform related activities needed to foster and maintain these relationships||Performance of a contract or to take steps at the Data Subject’s request prior to entering into a contract|
|To operate and facilitate registration and participation in online and in-person education programs, including those relating to professional licensing requirements||Performance of a contract or to take steps at the Data Subject’s request prior to entering into a contract|
|To evaluate applications for and administer financial aid, including reporting to relevant federal and state government agencies|
|To facilitate application for and sponsoring of visas to study, work and/or research at the University, including all functions necessary to comply with applicable immigration laws|
|To assign housing and facilitate housing requests for individuals studying or participating in programs at or through the University|
|To conduct study abroad programs offered by or coordinated through the University|
|To provide on-campus and distance learning information technology and other services to students, including network, authentication and help desk services|
|To respond to an individual’s request for records relating to an individual’s time at the University, such as transcripts, tax documents, employment documents, etc.|
|To respond to an individual’s request for records relating to an individual’s time at the University, such as transcripts, tax documents, employment documents, etc.|
|To engage the services of an independent contractor and all uses the incident to that engagement|
|To employ persons to work for the University and all uses incidental to that engagement including but not limited to evaluation and management of employees and administration of employee benefits|
|To conduct transactions and business with individuals, such as processing payments made by credit card to the University and payments made by the University to you|
|To host and allow individuals to attend and participate in University events, including educational, artistic, and sports camps and sporting events|
|To facilitate review and evaluation of University programs, including academic, sports, and other programs, by accrediting organizations, government entities, third-party ranking organizations, and other appropriate bodies||Legitimate interests of the University - legitimate interest in providing and maintaining a world-class higher education experience at the University|
|To promote safety, integrity, and security of the University’s information technology systems||Legitimate interests of the University – legitimate interest in maintaining IT and network security|
|To protect the University community, including you, and to keep its members safe wherever they are located||Legitimate interests of the University – legitimate interest in physical security|
|To report salary data to social security or tax authorities and otherwise comply with applicable EU or Member State laws||Necessary for compliance with a legal obligation|
|To allow individuals to visit University facilities||Legitimate interests of the University - legitimate interest in physical security|
|To facilitate and administer the reservation and use by individuals of University facilities|
|To facilitate the use of volunteers and to evaluate and manage individuals who volunteer to assist the University in any capacity, and to perform related activities required to foster and maintain these relationships||Legitimate interests of the University—legitimate interest in physical security|
|To respond to subpoenas, court orders, agency requests, and other legal requests for records relating to an individual’s time at the University, such as transcripts, tax documents, employment documents, etc.||Legitimate interest of the University – legitimate interest in complying with U.S. and state laws and not being held in contempt of court or having penalties imposed|
|To engage third parties to collect sums owing to the University or to otherwise take action to collect outstanding debt from an individual||Legitimate interests of the University—legitimate interest in recovering sums owed to it and enforcing its legal claims whether in or out of court|
|To respond to proper requests for information as required by the Illinois Freedom of Information Act and the U.S. federal Freedom of Information Act||Legitimate interests of third parties—legitimate interest in the publication of data for purposes of transparency and accountability|
|To stay connected with University alumni||Legitimate interests of the University—legitimate interest in communicating unsolicited non-commercial messages|
|To allow and facilitate individuals to perform research at or with the University|
|To utilize individuals as subjects of research performed at or through the University, and to perform related activities required to foster and maintain this relationship||Consent|
|To facilitate the provision of medical treatment and the filing of claims for payment from insurance companies and/or government agencies||Consent|
|To raise funds to support the University and its programs||Consent|
We will not utilize your personal information to carry out any wholly automated decision-making that affects you.
Appropriate technical and organizational security measures are in place aim to protect data when transmitted and once stored in systems which we directly control and systems which we control through a third-party vendor.
Review the Information Privacy Statement for additional information.
USM retains your data pursuant to applicable state and federal law, and in adherence to the specific retention periods that apply to such data.
If a request is entered for data destruction, it will only be processed if doing so does not contradict state or federal law, including but not limited to, data retention rules.
If subject to the previous paragraph, it is determined that data destruction (exercising right to be forgotten) is not barred by federal, state (including data retention rules), any destruction of data shall be conducted in the manner that best preserves and ensures the confidentiality of the information based on the sensitivity, value and how critical the data is to the University.
Rights Available Under GDPR
Click here for additional information from the Information Commissioner's Office (ICO) regarding exercising the rights listed above.
Please note that the University is subject to federal and state laws, including but not limited to the Family Educational Rights and Privacy Act, that may require that we request, process and retain and report on certain types of data. These legal obligations may also affect actions we would be permitted to take in response to a request to exercise your GDPR data rights, especially the right to have your data erased.
For general information on these rights, please see the Information Commissioner's website.
Erasure of data shall be subject to the retention periods of applicable state and federal law. USM adheres to specific records retention schedules.
See the Information on Records Retention Schedules page for additional information.
If you have provided consent to the use of your data and USM is not processing your data under any other legal basis, you have the right to withdraw consent, and USM will no longer be able to process your data (i.e. effective as of the data the request is received).
Withdrawal of consent does not affect the lawfulness of the University's use of the data prior to receipt of your request to withdraw consent.
Data created in the European Union may be transferred out of the European Union to the University. If such a transfer occurs, the University will adhere to the requirements of the General Data Protection Regulation to ensure that adequate technical and organizational controls are in place. If the transfer involves USM’s third-party vendors, USM will monitor the transfer to ensure that adequate technical and organizational controls are implemented.
Sharing of Personal Data
Personal data may be shared if it has been made public by the individual. Your personal information may be shared with relevant staff as needed based on one of the legal grounds for processing personal data.
For purposes of enrollment, providing services, contractual compliance, or in compliance with legal requirements, your data may be shared with external organizations, including, but not limited to:
After you graduate a core record of your studies is retained indefinitely so that the details of your academic achievements can be confirmed and for statistical or historical research. Your contact and core personal details are passed to the Alumni office while you are still a student so that you can be added to the alumni database.
If you feel the University has not complied with applicable foreign laws regulating such data, you can contact us at the email address listed above. Alternatively, you can file a complaint with the appropriate supervisory authority in the European Union. To find the appropriate authority, view the Data Protection Authority list.
E-mail GDPRrequestsFREEMississippiNOTE: Identity verification and verification of presence within the European Union (EU) or European Economic Area (EEA) during the time when personal data was processed must be submitted. Additionally, you will need to specify that data with which you are concerned and specific which right you are asking to exercise.
This notice may be updated or changed at any time. Continued use of the USM website after any updates to the notice affirms your acceptance of any changes to the notice. This page was last updated on October 17, 2018.
If you have questions about GDPR, please email us at GDPRrequestsFREEMississippi
State authorization represents a means of obtaining state approval to conduct regulated activities (i.e. providing distance education such as online learning, supervised field experiences, as well as engaging in marketing, advertising, hiring out-of-state faculty, etc.).
An institution cannot legally engage in regulated activities in a state without being authorized directly by the state or through a reciprocity agreement if the state is a member of such an agreement.
For more information about state authorization, see the WCET-SAN article.
The National Council of State Authorization Reciprocity Agreements also known as NC-SARA or SARA is a reciprocity agreement among member states, districts, and territories that establish comparable national standards for interstate offering of postsecondary distance education courses and programs. It is intended to make it easier for students to take online courses offered by postsecondary institutions based in another state and offers participating institution in member states the ability to offer distance education in said states.
SARA is overseen by a National Council and administered by four regional education compacts. 49 of the 50 states are members of NC-SARA. As of Fall, 2019, California is not a member; but California does not have a body tasked with regulation of distance education of public or private non-profit institutions.
For additional information about authorization, see the SARA-page.
USM participates in NC-SARA to allow us to engage in regulated activities within the parameters set forth by NC-SARA as listed in the NC-SARA manual.
Annually, we must collect and report data on:
Professional Licensure Disclosure
We must disclose to our distance students whether or not their program of student will lead to professional licensure in the state they are located or in the state in which they indicate to us that they plan to work upon graduation. To achieve that aim, we have created a professional licensure inquiry process that a student can use to submit a request disclosing to us where they plan to reside upon graduation. Students can fill out the Professional Licensure Inquiry Form to obtain information on licensure, which they will ultimately need to have confirmed by the state licensing entity keeping in mind that the rules as well as the regulations that apply are those in place when the student is actually applying for licensure.
For additional information about professional licensure, click the button below:
All University of Southern Mississippi distance education students should attempt to resolve complaints first with the university before contacting outside agencies for resolution.
If the complaint cannot be resolved at the institutional level, the student can contact the NC-SARA portal agent (in every state but California, which is not a member state participating in NC-SARA).
The student can file a complaint using the link below
For additional information about the NC-SARA complaint process, view the NC-SARA workflow for student complaints.
If the distance education student resides in California, they will need to contact the California Department of Consumer Affairs, as USM is a public non-profit institution. The department's website lists their contact information and contains a link to the print and online versions of complaint forms.
The number of students exclusively enrolled in online programs and the number of students in out-of-state supervised field experiences including those experiences which must be reported to the state licensing board before they can take place.
Supervised field experiences include "student learning experiences under the oversight of a supervisor, mentor, faculty member, or other qualified professional, located in the host state, who has a direct or indirect reporting responsibility to the institution where the students is enrolled" regardless of if credit is granted. Examples include "practica, student teaching, or internships".