Family Educational Rights & Privacy Act
In light of recent incidents on other college campuses and in preparation for the new school year, it's a good time for all to remind ourselves of our obligations - and rights - under FERPA, the federal statute that governs the privacy of student records and information.
In general terms, FERPA prohibits the disclosing of student records (or information from student records) to anyone other than the student to whom the records pertain, unless we have the student's consent. The records that are covered are not limited only to "academic" records. FERPA certainly does protect transcripts, exams, grades, and the like, but it also protects virtually all other records, in any format, that contain personally identifiable information about a student, including the following: the student information database, class schedules, financial account and financial aid records, disciplinary records, "unofficial" records, and even photographs and emails. Moreover, "personally identifiable information" includes not only express identifiers such as names, addresses, and ID numbers, but also other information from which the student's identity could be ascertained, either by itself or in combination with other available information. For example, a record containing such demographic information about a student as gender, age, major, class year, and residence might well make the student personally identifiable even if it does not list the student's name.
Given the breadth of FERPA, it's best to assume that all records concerning students are covered unless a student is sure that they're not. Fortunately, however, there are a number of exceptions to the nondisclosure requirement that enable the Registrar to conduct its academic business and make appropriate disclosures even without the relevant student's consent. The most important such exceptions are the following:
- The Registrar may disclose any student records to other college officials (including other students serving on official College committees) who need the information in order to perform their College duties and functions. Thus, for example, a faculty member may (and, of course, should) turn student grades in to the Registrar's Office; an RA who observes a potential disciplinary violation may (and should) inform the College's Disciplinary Committee; and any employee with concerns about a student's mental health may (and should) raise them with the Office of Student Development and, if it involves immediate safety issues, Public Safety.
- The Registrar generally may disclose "directory information" about a student to anyone (though we should use appropriate discretion in doing so). "Directory information" includes a student's name; local, home, and e-mail addresses; local and home telephone number; major field of study; dates of attendance; anticipated degree and degree date; degrees, honors, and awards received; and photograph.
Note, however, that students have the right to "opt out" of having their directory information disclosed. Accordingly, the Registrar must confirm whether a student has done so before releasing directory information about that student. The student can obtain such confirmation from the Registrar's Office.
Note also that the Registrar cannot disclose directory information in ways that would disclose other, non-directory information. For example, the Registrar cannot provide a list containing only names and addresses in response to a request for the names and addresses of all students who have disciplinary records or who have a specified GPA or higher, because in doing so, the Registrar would implicitly be revealing that those particular students have disciplinary records or the specified GPA, which is protected information.
- The Registrar may disclose any records or information about a student to the student's parents, but only if we first have confirmed that the student is their dependent for tax purposes, either by checking with the student or by obtaining a copy of the parents' most recent tax return. For purposes of this exception, it makes no difference whether the student is a minor.
- When the Registrar have a good-faith belief that there is a health or safety emergency, we may disclose student records and information relevant to that emergency to anyone we reasonably believe can help deal with that emergency. In general, and when reasonably possible, the initial disclosure should be made to professionals trained to evaluate and handle such emergencies, such as Public Safety or the Office of Student Development, who can then determine whether further and broader disclosures are appropriate.
In addition, there are a number of other, more limited exceptions for specific situations.
Keep in mind that all of these exceptions are discretionary, that FERPA does not require the Registrar to disclose student records to anyone other than the relevant student, and that there may be other legal or policy reasons not to disclose information even when FERPA would allow us to do so.
Here are some things that the Registrar should not do:
- Post a list of student grades by SSN or ID number.
- Leave graded tests or papers out in a stack for students to sort through and pick up.
- Send student information on a post card instead of in a sealed envelope.
- Discuss a student's situation with others not directly involved in the situation or where they might overhear.
- Release student information by phone or e-mail without first verifying the identity of the recipient.
- Leave student records where they could be seen or accessed by others.
- Dispose of old student records in the normal trash.
- Access the student information database or other student records for reasons unrelated to our individual College duties and functions.