"Compliance Assistant internet (CAi)" will provide for the tracking of financial aid, eligibility, recruiting of prospective student-athletes, playing and practice season, and athletics personnel matters. CAi will result in member institutions no longer maintaining Compliance Assistant data at the university, but rather, storing Compliance Assistant data on NCAA servers.
To the extent necessary to implement the goals and objectives of CAi, the NCAA has a legitimate educational interest in storing the educational records of student-athletes on behalf of member institutions. These goals and objectives include: (1) a centralized compliance tool that will incorporate all current and applicable legislative standards, (2) the storing of all data on secure computer servers at the national office, where the data shall remain private and accessible only through the use of two separate institutional passwords, and (3) new modules by which member institutions can track data pertaining to the administration of their intercollegiate athletics programs.
As a third-party working with the member institutions it serves, the NCAA is subject to the privacy regulations imposed by the Family Educational Rights and Privacy Act (FERPA) of 1974 (20 USC Sec.1232(g)). These are the same regulations governing the use of personal information by the member institutions themselves. NCAA systems have been designed specifically to insure compliance with these regulations. The underlying identification information used in most collegiate compliance offices is the student-athlete's Social Security Number or Student Identification Number. The NCAA will never disclose this information to any inquirer without the written consent of the student-athlete and the member institution because it is personally identifiable information that may not be shared under FERPA.
The NCAA currently requires student-athletes to sign a FERPA consent as a part of the Student-Athlete Statement compliance package each fall regarding information that determines a student-athlete's athletics eligibility. Student information placed on NCAA servers by NCAA member institutions is proprietary data and shall be used only for the purposes signed and agreed to within the Student-Athlete Statement. The NCAA has instituted reasonable controls to ensure that the information it stores on behalf of member institutions will be shared only with parties authorized to such information pursuant to the Student-Athlete Statement and/or by law. Furthermore, the NCAA has in place an information security program for protecting member institutions' proprietary student-athlete information that fulfills the objectives set forth in FERPA. The NCAA will not access or disclose information provided by the member institution within CAi without permission of that member institution. The institution shall be responsible for the decision to share data with and/or allow access to conference offices or other entities.
The NCAA's security program, in accordance with FERPA, is designed to (i) ensure the security and confidentiality of any student information stored on NCAA servers, (ii) protect against any anticipated threats or hazards to the security or integrity of the stored student information, and (iii) prevent unauthorized access to or use of student information. Only those NCAA employees who need access to your information in order to do their jobs are allowed access. Our security policies are reviewed periodically and revised as required. In the event that a breach of the aforementioned security system occurs, the NCAA will inform all member institutions whose information may have been compromised giving the member institution the ability to inform effected student-athletes. Member institutions should also institute reasonable controls to ensure that information they receive from student-athletes will only be used in connection with FERPA obligations and shall be shared only with persons authorized to such information under the student-athlete statement and/or by law.
Unlike an aggregate research report, which may combine data from hundreds of institutions, raw data may contain personally or institutionally identifiable information. The NCAA relies on the voluntary, active cooperation of its member institutions and others to conduct its research studies on behalf of the membership. In order to obtain necessary research information from its members, the NCAA generally has promised to keep all such information confidential. It is the fulfillment of these pledges of confidentiality that has enabled the NCAA to continue to obtain data that are critical to the Association and its members. For these reasons, the policy of the NCAA is to abide by these pledges of confidentiality and not release non-aggregated research data without the prior permission of its members. This policy will also be followed in those instances in which the release of the data would be for a purpose different than our members intended when the data was submitted to the NCAA. Research reports released by the NCAA research department for the benefit of NCAA members are not included in this policy.
The contact for this page is complianceassistant@ncaa.org
© The National Collegiate Athletic Association