The Family Educational Rights and Privacy Act (FERPA), as amended (January 8, 2009), is a federal law that protects the privacy of student education records.

It is important that every person who works with student education records understands: what an education record is; what information within that record may be disclosed; and, to whom and under what conditions that information may be disclosed.

An Education Record is any record containing information (including Personally Identifiable Information) directly related to a student that is maintained by an institution, educational agency, or by an individual acting directly for such institution or agency. It may be maintained in any medium: print, film, handwriting, electronic text, photographs, etc.

Education Records do not include:

• Private/Personal notes, data, or records of individual staff or faculty that are kept exclusively by the maker of the records and not accessible or revealed to anyone else;
• University Police records;
• Medical records;
• Employment records which are used only in relation to a student’s employment by the university;
• Financial records and statements of a student’s parent(s)/legal guardian(s); or
• Statistical data compilations that contain no mention of personally identifiable information about any specific student.

Personally Identifiable Information includes, but is not limited to:

• the student’s name;
• the name of the student's parent/guardian or other family members;
• the address of the student or student' s family;
• a personal identifier, such as the student's Social Security number, driver's license number, UIN, or biometric record;
• other indirect identifiers, such as a student’s date of birth, place of birth, or mother’s maiden name; and
• other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty.

Directory Information
Directory information refers to items of information contained in an education record which may be released without the student's prior written consent.  Texas A&M University defines the following items as directory information:

• Name
• Address (Local)
• Address (Permanent)
• Telephone Number (Local)
• Telephone Number (Permanent)
• E-mail Address
• Program of Study (College, Major, Campus)
• Dates of Attendance
• Previous Educational Agencies/Institutions Attended
• Participation in Officially Recognized Activities and Sports
• Degrees, Honors, and Awards Received
• Classification

A student may place a “directory hold” on any or all of the above information at https://howdy.tamu.edu.  Once the student has placed a hold on his or her directory information, the information may not be released without the prior, written consent of the student.

To whom or under what conditions an education record or personally identifiable information (e.g., non-directory information) may be released without prior written consent from the student:

• University officials who have legitimate educational interests
• To appropriate parties, including parents of an eligible student, in connection with an emergency if knowledge of the information is necessary to protect the health or safety of the student or other individuals
• State and local educational authorities
• Law enforcement agents who have a lawfully issued subpoena

In short: Items defined as directory information may be released without the student's written permission, provided that the student has not chosen to restrict his or her directory information. All other personally identifiable information in a student's education record is confidential and should be protected as such.

FERPA DOs and DON’Ts

• DO NOT link the name of a student with that student's social security number or institutional identification number (UIN) in any public manner including posting of grades or printed attendance rosters.
• DO NOT leave graded tests or papers in a stack for students to pick-up by sorting through the tests or papers of all students.
• DO NOT discuss the progress of any student with anyone other than the student (including parents/guardians) without the consent of the student.
• DO NOT provide anyone with lists of students enrolled in classes for any commercial purpose.
• DO NOT provide anyone with student schedules or assist anyone other than professional university employees in finding a student on campus.
• DO post grades using secure technology (see below)
• DO store documents or physical media containing confidential or personally identifiable information in locked file cabinets or drawers and hide the keys in a secure area
• DO encrypt any confidential or personally identifiable information stored on computers, portable computing devices, or portable media. See http://itim.tamu.edu/encryption/ for more information.

Posting of Grades by Faculty
FERPA requires student grades be accessible only to individual students and other authorized personnel. Posting grades in a secure course management system like Blackboard Vista (Bb Vista, formerly WebCT Vista) is the preferred method for distributing grades online at Texas A&M University.  Instructional Technology Services (ITS) would like to remind faculty of the secure, online technologies available on campus for delivering student grades.

ITS is available to support faculty in adhering to university regulations, especially in terms of incorporating new technologies. If you would like more information about using the Bb Vista Grade Book, contact ITS at 862-3977 or email its@tamu.edu.

Special Reminders for Faculty and Staff
Any confidential information stored on a portable computing or storage device must be encrypted with an appropriate encryption technique, according to Standard Administrative Procedure (SAP) 29.01.99.M1.16 (http://rules-saps.tamu.edu/PDFs/29.01.99.M1.16.pdf). Ask your IT support personnel for assistance or go to http://itim.tamu.edu/encryption/ for more information. 

If the unauthorized disclosure or release of confidential or sensitive personal information should occur, see SAP 29.01.99.M1.24 (http://rules-saps.tamu.edu/PDFs/29.01.99.M1.24.pdf) for appropriate procedures.

Additional Information and Questions
Please go to http://admissions.tamu.edu/Registrar/FacultyStaff/Default.aspx and select "Family Educational Rights and Privacy Act (FERPA)" from the menu on the left.  There you will find general information and an online tutorial.  If you have any FERPA related questions, please contact the Office of the Registrar, Records Section at 979-845-1003 or records@tamu.edu.